gsd-2022-45047
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD <= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server.
Aliases
Aliases



{
  "GSD": {
    "alias": "CVE-2022-45047",
    "description": "Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD \u003c= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server.",
    "id": "GSD-2022-45047",
    "references": [
      "https://access.redhat.com/errata/RHSA-2022:8957",
      "https://access.redhat.com/errata/RHSA-2023:0074",
      "https://www.suse.com/security/cve/CVE-2022-45047.html",
      "https://access.redhat.com/errata/RHSA-2023:0552",
      "https://access.redhat.com/errata/RHSA-2023:0553",
      "https://access.redhat.com/errata/RHSA-2023:0554",
      "https://access.redhat.com/errata/RHSA-2023:0556",
      "https://access.redhat.com/errata/RHSA-2023:0560",
      "https://access.redhat.com/errata/RHSA-2023:0713",
      "https://access.redhat.com/errata/RHSA-2023:0758",
      "https://access.redhat.com/errata/RHSA-2023:0777",
      "https://access.redhat.com/errata/RHSA-2023:1043",
      "https://access.redhat.com/errata/RHSA-2023:1044",
      "https://access.redhat.com/errata/RHSA-2023:1045",
      "https://access.redhat.com/errata/RHSA-2023:1047",
      "https://access.redhat.com/errata/RHSA-2023:1049",
      "https://access.redhat.com/errata/RHSA-2023:1064"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-45047"
      ],
      "details": "Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD \u003c= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server.",
      "id": "GSD-2022-45047",
      "modified": "2023-12-13T01:19:24.616296Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security@apache.org",
        "ID": "CVE-2022-45047",
        "STATE": "PUBLIC",
        "TITLE": "Apache MINA SSHD: Java unsafe deserialization vulnerability"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "Apache MINA SSHD",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c=",
                          "version_value": "2.9.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apache Software Foundation"
            }
          ]
        }
      },
      "credit": [
        {
          "lang": "eng",
          "value": "The Apache MINA SSHD team would like to thank Zhang Zewei, NOFOCUS, for reporting this issue."
        }
      ],
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD \u003c= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server."
          }
        ]
      },
      "generator": {
        "engine": "Vulnogram 0.0.9"
      },
      "impact": [
        {
          "other": "important"
        }
      ],
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-502 Deserialization of Untrusted Data"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html",
            "refsource": "MISC",
            "url": "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html"
          },
          {
            "name": "https://security.netapp.com/advisory/ntap-20240216-0008/",
            "refsource": "CONFIRM",
            "url": "https://security.netapp.com/advisory/ntap-20240216-0008/"
          }
        ]
      },
      "source": {
        "discovery": "UNKNOWN"
      },
      "work_around": [
        {
          "lang": "eng",
          "value": "For Apache MINA SSHD \u003c= 2.9.1, do not use org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider to generate and later load your server\u0027s host key. Use separately generated host key files, for instance in OpenSSH format, and load them via a org.apache.sshd.common.keyprovider.FileKeyPairProvider instead. Or use a custom implementation instead of SimpleGeneratorHostKeyProvider that uses the OpenSSH format for storing and loading the host key (via classes OpenSSHKeyPairResourceWriter and OpenSSHKeyPairResourceParser)."
        },
        {
          "lang": "eng",
          "value": "The issue was fixed in Apache MINA SSHD 2.9.2. "
        }
      ]
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "(,2.9.2)",
          "affected_versions": "All versions before 2.9.2",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-502",
            "CWE-937"
          ],
          "date": "2022-11-21",
          "description": "Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD \u003c= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server.",
          "fixed_versions": [
            "2.9.2"
          ],
          "identifier": "CVE-2022-45047",
          "identifiers": [
            "GHSA-fhw8-8j55-vwgq",
            "CVE-2022-45047"
          ],
          "not_impacted": "All versions starting from 2.9.2",
          "package_slug": "maven/org.apache.sshd/sshd-common",
          "pubdate": "2022-11-16",
          "solution": "Upgrade to version 2.9.2 or above.",
          "title": "Deserialization of Untrusted Data",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2022-45047",
            "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html",
            "https://github.com/apache/mina-sshd/commit/03238d51586f6b3c0bdbb1a23cf16799344d6c32",
            "https://github.com/apache/mina-sshd/commit/5a8fe830b2a2308a2b24ac8115a391af477f64f5",
            "https://github.com/advisories/GHSA-fhw8-8j55-vwgq"
          ],
          "uuid": "36ad34aa-63c5-40c5-a965-4724df7ecddd"
        },
        {
          "affected_range": "(,2.1.0)",
          "affected_versions": "All versions before 2.1.0",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-502",
            "CWE-937"
          ],
          "date": "2023-08-18",
          "description": "Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD \u003c= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server.",
          "fixed_versions": [
            "2.9.2"
          ],
          "identifier": "CVE-2022-45047",
          "identifiers": [
            "GHSA-fhw8-8j55-vwgq",
            "CVE-2022-45047"
          ],
          "not_impacted": "All versions starting from 2.1.0",
          "package_slug": "maven/org.apache.sshd/sshd-core",
          "pubdate": "2022-11-16",
          "solution": "Upgrade to version 2.9.2 or above.",
          "title": "Deserialization of Untrusted Data",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2022-45047",
            "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html",
            "https://github.com/apache/mina-sshd/commit/03238d51586f6b3c0bdbb1a23cf16799344d6c32",
            "https://github.com/apache/mina-sshd/commit/5a8fe830b2a2308a2b24ac8115a391af477f64f5",
            "https://github.com/apache/mina-sshd/commit/10de190e7d3f9189deb76b8d08c72334a1fe2df0",
            "https://github.com/advisories/GHSA-fhw8-8j55-vwgq"
          ],
          "uuid": "ff844e91-ea5b-4777-9f38-8455a6751ba5"
        },
        {
          "affected_range": "(,2.9.2)",
          "affected_versions": "All versions before 2.9.2",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-502",
            "CWE-937"
          ],
          "date": "2022-11-18",
          "description": "Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD \u003c= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server.",
          "fixed_versions": [
            "2.9.2"
          ],
          "identifier": "CVE-2022-45047",
          "identifiers": [
            "CVE-2022-45047"
          ],
          "not_impacted": "All versions starting from 2.9.2",
          "package_slug": "maven/org.apache.sshd/sshd",
          "pubdate": "2022-11-16",
          "solution": "Upgrade to version 2.9.2 or above.",
          "title": "Deserialization of Untrusted Data",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2022-45047",
            "https://www.mail-archive.com/dev@mina.apache.org/msg39312.html"
          ],
          "uuid": "3724cb12-df77-481a-ba28-a473aaf237a9"
        }
      ]
    },
    "nvd.nist.gov": {
      "cve": {
        "configurations": [
          {
            "nodes": [
              {
                "cpeMatch": [
                  {
                    "criteria": "cpe:2.3:a:apache:sshd:*:*:*:*:*:*:*:*",
                    "matchCriteriaId": "00D0F9FD-039D-4097-979B-9242276B1DD3",
                    "versionEndIncluding": "2.9.1",
                    "vulnerable": true
                  }
                ],
                "negate": false,
                "operator": "OR"
              }
            ]
          }
        ],
        "descriptions": [
          {
            "lang": "en",
            "value": "Class org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider in Apache MINA SSHD \u003c= 2.9.1 uses Java deserialization to load a serialized java.security.PrivateKey. The class is one of several implementations that an implementor using Apache MINA SSHD can choose for loading the host keys of an SSH server."
          },
          {
            "lang": "es",
            "value": "La clase org.apache.sshd.server.keyprovider.SimpleGeneratorHostKeyProvider en Apache MINA SSHD anteriore a la versi\u00f3n 2.9.1 usa la deserializaci\u00f3n de Java para cargar una java.security.PrivateKey serializada. La clase es una de varias implementaciones que un implementador que usa Apache MINA SSHD puede elegir para cargar las claves de host de un servidor SSH."
          }
        ],
        "id": "CVE-2022-45047",
        "lastModified": "2024-02-16T13:15:09.513",
        "metrics": {
          "cvssMetricV31": [
            {
              "cvssData": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
              },
              "exploitabilityScore": 3.9,
              "impactScore": 5.9,
              "source": "nvd@nist.gov",
              "type": "Primary"
            }
          ]
        },
        "published": "2022-11-16T09:15:14.320",
        "references": [
          {
            "source": "security@apache.org",
            "url": "https://security.netapp.com/advisory/ntap-20240216-0008/"
          },
          {
            "source": "security@apache.org",
            "url": "https://www.mail-archive.com/dev%40mina.apache.org/msg39312.html"
          }
        ],
        "sourceIdentifier": "security@apache.org",
        "vulnStatus": "Modified",
        "weaknesses": [
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-502"
              }
            ],
            "source": "nvd@nist.gov",
            "type": "Primary"
          },
          {
            "description": [
              {
                "lang": "en",
                "value": "CWE-502"
              }
            ],
            "source": "security@apache.org",
            "type": "Secondary"
          }
        ]
      }
    }
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.