CVE-2023-43809

{"id": "CVE-2023-43809", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-10-04T21:15:10.280", "references": [{"url": "https://github.com/charmbracelet/soft-serve/commit/407c4ec72d1006cee1ff8c1775e5bcc091c2bc89", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/charmbracelet/soft-serve/issues/389", "tags": ["Exploit", "Issue Tracking"], "source": "security-advisories@github.com"}, {"url": "https://github.com/charmbracelet/soft-serve/releases/tag/v0.6.2", "tags": ["Release Notes"], "source": "security-advisories@github.com"}, {"url": "https://github.com/charmbracelet/soft-serve/security/advisories/GHSA-mc97-99j4-vm2v", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "Soft Serve is a self-hostable Git server for the command line. Prior to version 0.6.2, a security vulnerability in Soft Serve could allow an unauthenticated, remote attacker to bypass public key authentication when keyboard-interactive SSH authentication is active, through the `allow-keyless` setting, and the public key requires additional client-side verification for example using FIDO2 or GPG. This is due to insufficient validation procedures of the public key step during SSH request handshake, granting unauthorized access if the keyboard-interaction mode is utilized. An attacker could exploit this vulnerability by presenting manipulated SSH requests using keyboard-interactive authentication mode. This could potentially result in unauthorized access to the Soft Serve. Users should upgrade to the latest Soft Serve version `v0.6.2` to receive the patch for this issue. To workaround this vulnerability without upgrading, users can temporarily disable Keyboard-Interactive SSH Authentication using the `allow-keyless` setting."}, {"lang": "es", "value": "Soft Serve es un servidor Git autohospedable para la l\u00ednea de comandos. Antes de la versi\u00f3n 0.6.2, una vulnerabilidad de seguridad en Soft Serve podr\u00eda permitir a un atacante remoto no autenticado eludir la autenticaci\u00f3n de clave p\u00fablica cuando la autenticaci\u00f3n SSH interactiva con teclado est\u00e1 activa, a trav\u00e9s de la configuraci\u00f3n \"allow-keyless\", y la clave p\u00fablica requiere verificaci\u00f3n adicional del lado del cliente, por ejemplo, utilizando FIDO2 o GPG. Esto se debe a procedimientos de validaci\u00f3n insuficientes del paso de la clave p\u00fablica durante el protocolo de enlace de solicitud SSH, lo que otorga acceso no autorizado si se utiliza el modo de interacci\u00f3n con el teclado. Un atacante podr\u00eda aprovechar esta vulnerabilidad presentando solicitudes SSH manipuladas utilizando el modo de autenticaci\u00f3n interactivo con teclado. Potencialmente, esto podr\u00eda resultar en un acceso no autorizado al Soft Serve. Los usuarios deben actualizar a la \u00faltima versi\u00f3n de Soft Serve `v0.6.2` para recibir el parche para este problema. Como workaround esta vulnerabilidad sin realizar una actualizaci\u00f3n, los usuarios pueden desactivar temporalmente la autenticaci\u00f3n SSH interactiva con teclado utilizando la configuraci\u00f3n \"allow-keyless\"."}], "lastModified": "2023-10-10T20:12:47.170", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:charm:soft_serve:*:*:*:*:*:go:*:*", "vulnerable": true, "matchCriteriaId": "962411DB-9A36-4D48-B5E5-BAC38703E87D", "versionEndExcluding": "0.6.2"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}