CVE-2008-0299 – paramiko

Package

Manager: pip
Name: paramiko
Vulnerable Version: >=0 <1.7.1-3

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.01232 pctl0.7841

Details

Paramiko Unsafe randomness usage may allow access to sensitive information common.py in Paramiko 1.7.1 and earlier, when using threads or forked processes, does not properly use RandomPool, which allows one session to obtain sensitive information from another session by predicting the state of the pool.

Metadata

Created: 2022-05-01T23:28:57Z
Modified: 2024-10-08T13:10:26Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wqmm-q65g-2hqr/GHSA-wqmm-q65g-2hqr.json
CWE IDs: ["CWE-200"]
Alternative ID: GHSA-wqmm-q65g-2hqr
Finding: F017
Auto approve: 1