Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS02N2Z3LXc4ZjItODh3cM4AA-Ub
casdoor's use of `ssh.InsecureIgnoreHostKey()` disables host key verification
An issue discovered in casdoor v1.636.0 allows attackers to obtain sensitive information via the `ssh.InsecureIgnoreHostKey()` method.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02N2Z3LXc4ZjItODh3cM4AA-Ub
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 4 months ago
Updated: 3 months ago
CVSS Score: 3.7
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N
Identifiers: GHSA-67fw-w8f2-88wp, CVE-2024-41264
References:
- https://nvd.nist.gov/vuln/detail/CVE-2024-41264
- https://gist.github.com/nyxfqq/33ceaccbc9b05d439a944c2b55fa1c0f
- https://github.com/casdoor/casdoor/blob/v1.636.0/object/viaSSHDialer.go
- https://pkg.go.dev/vuln/GO-2024-3026
- https://github.com/advisories/GHSA-67fw-w8f2-88wp
Blast Radius: 0.0
Affected Packages
go:github.com/casdoor/casdoor
Dependent packages: 0
Dependent repositories: 1
Downloads:
Affected Version Ranges: >= 1.541.0, <= 1.636.0
No known fixed version
All affected versions: 1.541.0, 1.542.0, 1.543.0, 1.544.0, 1.545.0, 1.546.0, 1.546.1, 1.547.0, 1.547.1, 1.548.0, 1.548.1, 1.549.0, 1.550.0, 1.550.1, 1.551.0, 1.552.0, 1.552.1, 1.553.0, 1.553.1, 1.554.0, 1.554.1, 1.555.0, 1.555.1, 1.556.0, 1.556.1, 1.557.0, 1.558.0, 1.559.0, 1.560.0, 1.560.1, 1.561.0, 1.561.1, 1.562.0, 1.562.1, 1.563.0, 1.563.1, 1.564.0, 1.565.0, 1.566.0, 1.567.0, 1.567.1, 1.567.2, 1.568.0, 1.569.0, 1.570.0, 1.571.0, 1.571.1, 1.572.0, 1.573.0, 1.574.0, 1.574.1, 1.575.0, 1.575.1, 1.576.0, 1.577.0, 1.578.0, 1.579.0, 1.579.1, 1.580.0, 1.581.0, 1.582.0, 1.583.0, 1.583.1, 1.584.0, 1.585.0, 1.585.1, 1.586.0, 1.587.0, 1.588.0, 1.588.1, 1.589.0, 1.590.0, 1.591.0, 1.591.1, 1.592.0, 1.592.1, 1.593.0, 1.594.0, 1.595.0, 1.596.0, 1.597.0, 1.598.0, 1.599.0, 1.600.0, 1.601.0, 1.602.0, 1.603.0, 1.604.0, 1.605.0, 1.605.1, 1.606.0, 1.607.0, 1.608.0, 1.609.0, 1.610.0, 1.610.1, 1.611.0, 1.611.1, 1.611.2, 1.612.0, 1.613.0, 1.614.0, 1.615.0, 1.616.0, 1.617.0, 1.618.0, 1.619.0, 1.620.0, 1.621.0, 1.622.0, 1.623.0, 1.624.0, 1.625.0, 1.626.0, 1.627.0, 1.628.0, 1.629.0, 1.630.0, 1.631.0, 1.632.0, 1.633.0, 1.634.0, 1.635.0, 1.636.0