{ "document": { "aggregate_severity": { "text": "Low" }, "category": "csaf_vex", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/debian10els/vex/2021/cve-2021-36368-els_os-debian10els.json" } ], "tracking": { "current_release_date": "2026-04-24T14:56:06Z", "generator": { "date": "2026-04-24T14:56:06Z", "engine": { "name": "pyCSAF" } }, "id": "CVE-2021-36368-ELS_OS-DEBIAN10ELS", "initial_release_date": "2021-01-01T00:00:00Z", "revision_history": [ { "date": "2021-01-01T00:00:00Z", "number": "1", "summary": "Initial version" }, { "date": "2026-04-24T14:56:06Z", "number": "2", "summary": "Official Publication" } ], "status": "final", "version": "2" }, "title": "Security update on CVE-2021-36368" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Debian None", "product": { "name": "Debian None", "product_id": "Debian-10", "product_identification_helper": { "cpe": "cpe:2.3:o:debian:debian_linux:10:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Debian" }, { "branches": [ { "category": "product_version", "name": "openssh-sftp-server-1:7.9p1-10+deb10u4.amd64", "product": { "name": "openssh-sftp-server-1:7.9p1-10+deb10u4.amd64", "product_id": "openssh-sftp-server-1:7.9p1-10+deb10u4.amd64", "product_identification_helper": { "purl": "pkg:deb/debian/openssh-sftp-server@7.9p1-10%2Bdeb10u4?arch=amd64" } } }, { "category": "product_version", "name": "openssh-client-1:7.9p1-10+deb10u4.amd64", "product": { "name": "openssh-client-1:7.9p1-10+deb10u4.amd64", "product_id": "openssh-client-1:7.9p1-10+deb10u4.amd64", "product_identification_helper": { "purl": "pkg:deb/debian/openssh-client@7.9p1-10%2Bdeb10u4?arch=amd64" } } }, { "category": "product_version", "name": "openssh-tests-1:7.9p1-10+deb10u4.amd64", "product": { "name": "openssh-tests-1:7.9p1-10+deb10u4.amd64", "product_id": "openssh-tests-1:7.9p1-10+deb10u4.amd64", "product_identification_helper": { "purl": "pkg:deb/debian/openssh-tests@7.9p1-10%2Bdeb10u4?arch=amd64" } } }, { "category": "product_version", "name": "ssh-askpass-gnome-1:7.9p1-10+deb10u4.amd64", "product": { "name": "ssh-askpass-gnome-1:7.9p1-10+deb10u4.amd64", "product_id": "ssh-askpass-gnome-1:7.9p1-10+deb10u4.amd64", "product_identification_helper": { "purl": "pkg:deb/debian/ssh-askpass-gnome@7.9p1-10%2Bdeb10u4?arch=amd64" } } }, { "category": "product_version", "name": "openssh-server-1:7.9p1-10+deb10u4.amd64", "product": { "name": "openssh-server-1:7.9p1-10+deb10u4.amd64", "product_id": "openssh-server-1:7.9p1-10+deb10u4.amd64", "product_identification_helper": { "purl": "pkg:deb/debian/openssh-server@7.9p1-10%2Bdeb10u4?arch=amd64" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "ssh-1:7.9p1-10+deb10u4.all", "product": { "name": "ssh-1:7.9p1-10+deb10u4.all", "product_id": "ssh-1:7.9p1-10+deb10u4.all", "product_identification_helper": { "purl": "pkg:deb/debian/ssh@7.9p1-10%2Bdeb10u4?arch=all" } } } ], "category": "architecture", "name": "all" } ], "category": "vendor", "name": "Software in the Public Interest, Inc." }, { "branches": [ { "branches": [ { "category": "product_version", "name": "openssh-sftp-server-1:7.9p1-10+deb10u4+tuxcare.els1.amd64", "product": { "name": "openssh-sftp-server-1:7.9p1-10+deb10u4+tuxcare.els1.amd64", "product_id": "openssh-sftp-server-1:7.9p1-10+deb10u4+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/openssh-sftp-server@7.9p1-10%2Bdeb10u4%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "openssh-sftp-server-1:7.9p1-10+deb10u4+tuxcare.els2.amd64", "product": { "name": "openssh-sftp-server-1:7.9p1-10+deb10u4+tuxcare.els2.amd64", "product_id": "openssh-sftp-server-1:7.9p1-10+deb10u4+tuxcare.els2.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/openssh-sftp-server@7.9p1-10%2Bdeb10u4%2Btuxcare.els2?arch=amd64" } } }, { "category": "product_version", "name": "openssh-client-1:7.9p1-10+deb10u4+tuxcare.els2.amd64", "product": { "name": "openssh-client-1:7.9p1-10+deb10u4+tuxcare.els2.amd64", "product_id": "openssh-client-1:7.9p1-10+deb10u4+tuxcare.els2.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/openssh-client@7.9p1-10%2Bdeb10u4%2Btuxcare.els2?arch=amd64" } } }, { "category": "product_version", "name": "openssh-client-1:7.9p1-10+deb10u4+tuxcare.els1.amd64", "product": { "name": "openssh-client-1:7.9p1-10+deb10u4+tuxcare.els1.amd64", "product_id": "openssh-client-1:7.9p1-10+deb10u4+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/openssh-client@7.9p1-10%2Bdeb10u4%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "openssh-tests-1:7.9p1-10+deb10u4+tuxcare.els2.amd64", "product": { "name": "openssh-tests-1:7.9p1-10+deb10u4+tuxcare.els2.amd64", "product_id": "openssh-tests-1:7.9p1-10+deb10u4+tuxcare.els2.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/openssh-tests@7.9p1-10%2Bdeb10u4%2Btuxcare.els2?arch=amd64" } } }, { "category": "product_version", "name": "openssh-tests-1:7.9p1-10+deb10u4+tuxcare.els1.amd64", "product": { "name": "openssh-tests-1:7.9p1-10+deb10u4+tuxcare.els1.amd64", "product_id": "openssh-tests-1:7.9p1-10+deb10u4+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/openssh-tests@7.9p1-10%2Bdeb10u4%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "ssh-askpass-gnome-1:7.9p1-10+deb10u4+tuxcare.els2.amd64", "product": { "name": "ssh-askpass-gnome-1:7.9p1-10+deb10u4+tuxcare.els2.amd64", "product_id": "ssh-askpass-gnome-1:7.9p1-10+deb10u4+tuxcare.els2.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/ssh-askpass-gnome@7.9p1-10%2Bdeb10u4%2Btuxcare.els2?arch=amd64" } } }, { "category": "product_version", "name": "ssh-askpass-gnome-1:7.9p1-10+deb10u4+tuxcare.els1.amd64", "product": { "name": "ssh-askpass-gnome-1:7.9p1-10+deb10u4+tuxcare.els1.amd64", "product_id": "ssh-askpass-gnome-1:7.9p1-10+deb10u4+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/ssh-askpass-gnome@7.9p1-10%2Bdeb10u4%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "openssh-server-1:7.9p1-10+deb10u4+tuxcare.els1.amd64", "product": { "name": "openssh-server-1:7.9p1-10+deb10u4+tuxcare.els1.amd64", "product_id": "openssh-server-1:7.9p1-10+deb10u4+tuxcare.els1.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/openssh-server@7.9p1-10%2Bdeb10u4%2Btuxcare.els1?arch=amd64" } } }, { "category": "product_version", "name": "openssh-server-1:7.9p1-10+deb10u4+tuxcare.els2.amd64", "product": { "name": "openssh-server-1:7.9p1-10+deb10u4+tuxcare.els2.amd64", "product_id": "openssh-server-1:7.9p1-10+deb10u4+tuxcare.els2.amd64", "product_identification_helper": { "purl": "pkg:deb/tuxcare/openssh-server@7.9p1-10%2Bdeb10u4%2Btuxcare.els2?arch=amd64" } } } ], "category": "architecture", "name": "amd64" }, { "branches": [ { "category": "product_version", "name": "ssh-1:7.9p1-10+deb10u4+tuxcare.els1.all", "product": { "name": "ssh-1:7.9p1-10+deb10u4+tuxcare.els1.all", "product_id": "ssh-1:7.9p1-10+deb10u4+tuxcare.els1.all", "product_identification_helper": { "purl": "pkg:deb/tuxcare/ssh@7.9p1-10%2Bdeb10u4%2Btuxcare.els1?arch=all" } } }, { "category": "product_version", "name": "ssh-1:7.9p1-10+deb10u4+tuxcare.els2.all", "product": { "name": "ssh-1:7.9p1-10+deb10u4+tuxcare.els2.all", "product_id": "ssh-1:7.9p1-10+deb10u4+tuxcare.els2.all", "product_identification_helper": { "purl": "pkg:deb/tuxcare/ssh@7.9p1-10%2Bdeb10u4%2Btuxcare.els2?arch=all" } } } ], "category": "architecture", "name": "all" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "openssh-sftp-server-1:7.9p1-10+deb10u4+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:openssh-sftp-server-1:7.9p1-10+deb10u4+tuxcare.els1.amd64" }, "product_reference": "openssh-sftp-server-1:7.9p1-10+deb10u4+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "openssh-sftp-server-1:7.9p1-10+deb10u4.amd64 as a component of Debian None", "product_id": "Debian-10:openssh-sftp-server-1:7.9p1-10+deb10u4.amd64" }, "product_reference": "openssh-sftp-server-1:7.9p1-10+deb10u4.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "openssh-sftp-server-1:7.9p1-10+deb10u4+tuxcare.els2.amd64 as a component of Debian None", "product_id": "Debian-10:openssh-sftp-server-1:7.9p1-10+deb10u4+tuxcare.els2.amd64" }, "product_reference": "openssh-sftp-server-1:7.9p1-10+deb10u4+tuxcare.els2.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "openssh-client-1:7.9p1-10+deb10u4+tuxcare.els2.amd64 as a component of Debian None", "product_id": "Debian-10:openssh-client-1:7.9p1-10+deb10u4+tuxcare.els2.amd64" }, "product_reference": "openssh-client-1:7.9p1-10+deb10u4+tuxcare.els2.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "openssh-client-1:7.9p1-10+deb10u4.amd64 as a component of Debian None", "product_id": "Debian-10:openssh-client-1:7.9p1-10+deb10u4.amd64" }, "product_reference": "openssh-client-1:7.9p1-10+deb10u4.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "openssh-client-1:7.9p1-10+deb10u4+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:openssh-client-1:7.9p1-10+deb10u4+tuxcare.els1.amd64" }, "product_reference": "openssh-client-1:7.9p1-10+deb10u4+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "openssh-tests-1:7.9p1-10+deb10u4+tuxcare.els2.amd64 as a component of Debian None", "product_id": "Debian-10:openssh-tests-1:7.9p1-10+deb10u4+tuxcare.els2.amd64" }, "product_reference": "openssh-tests-1:7.9p1-10+deb10u4+tuxcare.els2.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "openssh-tests-1:7.9p1-10+deb10u4.amd64 as a component of Debian None", "product_id": "Debian-10:openssh-tests-1:7.9p1-10+deb10u4.amd64" }, "product_reference": "openssh-tests-1:7.9p1-10+deb10u4.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "openssh-tests-1:7.9p1-10+deb10u4+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:openssh-tests-1:7.9p1-10+deb10u4+tuxcare.els1.amd64" }, "product_reference": "openssh-tests-1:7.9p1-10+deb10u4+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "ssh-askpass-gnome-1:7.9p1-10+deb10u4+tuxcare.els2.amd64 as a component of Debian None", "product_id": "Debian-10:ssh-askpass-gnome-1:7.9p1-10+deb10u4+tuxcare.els2.amd64" }, "product_reference": "ssh-askpass-gnome-1:7.9p1-10+deb10u4+tuxcare.els2.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "ssh-askpass-gnome-1:7.9p1-10+deb10u4.amd64 as a component of Debian None", "product_id": "Debian-10:ssh-askpass-gnome-1:7.9p1-10+deb10u4.amd64" }, "product_reference": "ssh-askpass-gnome-1:7.9p1-10+deb10u4.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "ssh-askpass-gnome-1:7.9p1-10+deb10u4+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:ssh-askpass-gnome-1:7.9p1-10+deb10u4+tuxcare.els1.amd64" }, "product_reference": "ssh-askpass-gnome-1:7.9p1-10+deb10u4+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "openssh-server-1:7.9p1-10+deb10u4+tuxcare.els1.amd64 as a component of Debian None", "product_id": "Debian-10:openssh-server-1:7.9p1-10+deb10u4+tuxcare.els1.amd64" }, "product_reference": "openssh-server-1:7.9p1-10+deb10u4+tuxcare.els1.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "openssh-server-1:7.9p1-10+deb10u4.amd64 as a component of Debian None", "product_id": "Debian-10:openssh-server-1:7.9p1-10+deb10u4.amd64" }, "product_reference": "openssh-server-1:7.9p1-10+deb10u4.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "openssh-server-1:7.9p1-10+deb10u4+tuxcare.els2.amd64 as a component of Debian None", "product_id": "Debian-10:openssh-server-1:7.9p1-10+deb10u4+tuxcare.els2.amd64" }, "product_reference": "openssh-server-1:7.9p1-10+deb10u4+tuxcare.els2.amd64", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "ssh-1:7.9p1-10+deb10u4+tuxcare.els1.all as a component of Debian None", "product_id": "Debian-10:ssh-1:7.9p1-10+deb10u4+tuxcare.els1.all" }, "product_reference": "ssh-1:7.9p1-10+deb10u4+tuxcare.els1.all", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "ssh-1:7.9p1-10+deb10u4.all as a component of Debian None", "product_id": "Debian-10:ssh-1:7.9p1-10+deb10u4.all" }, "product_reference": "ssh-1:7.9p1-10+deb10u4.all", "relates_to_product_reference": "Debian-10" }, { "category": "default_component_of", "full_product_name": { "name": "ssh-1:7.9p1-10+deb10u4+tuxcare.els2.all as a component of Debian None", "product_id": "Debian-10:ssh-1:7.9p1-10+deb10u4+tuxcare.els2.all" }, "product_reference": "ssh-1:7.9p1-10+deb10u4+tuxcare.els2.all", "relates_to_product_reference": "Debian-10" } ] }, "vulnerabilities": [ { "cve": "CVE-2021-36368", "cwe": { "id": "CWE-287", "name": "Improper Authentication" }, "notes": [ { "category": "description", "text": "An issue was discovered in OpenSSH before 8.9. If a client is using public-key authentication with agent forwarding but without -oLogLevel=verbose, and an attacker has silently modified the server to support the None authentication option, then the user cannot determine whether FIDO authentication is going to confirm that the user wishes to connect to that server, or that the user wishes to allow that server to connect to a different server on the user's behalf. NOTE: the vendor's position is \"this is not an authentication bypass, since nothing is being bypassed.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "known_affected": [ "Debian-10:openssh-client-1:7.9p1-10+deb10u4+tuxcare.els1.amd64", "Debian-10:openssh-client-1:7.9p1-10+deb10u4+tuxcare.els2.amd64", "Debian-10:openssh-client-1:7.9p1-10+deb10u4.amd64", "Debian-10:openssh-server-1:7.9p1-10+deb10u4+tuxcare.els1.amd64", "Debian-10:openssh-server-1:7.9p1-10+deb10u4+tuxcare.els2.amd64", "Debian-10:openssh-server-1:7.9p1-10+deb10u4.amd64", "Debian-10:openssh-sftp-server-1:7.9p1-10+deb10u4+tuxcare.els1.amd64", "Debian-10:openssh-sftp-server-1:7.9p1-10+deb10u4+tuxcare.els2.amd64", "Debian-10:openssh-sftp-server-1:7.9p1-10+deb10u4.amd64", "Debian-10:openssh-tests-1:7.9p1-10+deb10u4+tuxcare.els1.amd64", "Debian-10:openssh-tests-1:7.9p1-10+deb10u4+tuxcare.els2.amd64", "Debian-10:openssh-tests-1:7.9p1-10+deb10u4.amd64", "Debian-10:ssh-1:7.9p1-10+deb10u4+tuxcare.els1.all", "Debian-10:ssh-1:7.9p1-10+deb10u4+tuxcare.els2.all", "Debian-10:ssh-1:7.9p1-10+deb10u4.all", "Debian-10:ssh-askpass-gnome-1:7.9p1-10+deb10u4+tuxcare.els1.amd64", "Debian-10:ssh-askpass-gnome-1:7.9p1-10+deb10u4+tuxcare.els2.amd64", "Debian-10:ssh-askpass-gnome-1:7.9p1-10+deb10u4.amd64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-36368" }, { "category": "external", "summary": "https://bugzilla.mindrot.org/show_bug.cgi?id=3316", "url": "https://bugzilla.mindrot.org/show_bug.cgi?id=3316" }, { "category": "external", "summary": "https://docs.ssh-mitm.at/trivialauth.html", "url": "https://docs.ssh-mitm.at/trivialauth.html" }, { "category": "external", "summary": "https://github.com/openssh/openssh-portable/pull/258", "url": "https://github.com/openssh/openssh-portable/pull/258" }, { "category": "external", "summary": "https://security-tracker.debian.org/tracker/CVE-2021-36368", "url": "https://security-tracker.debian.org/tracker/CVE-2021-36368" }, { "category": "external", "summary": "https://www.openssh.com/security.html", "url": "https://www.openssh.com/security.html" } ], "release_date": "2022-03-13T00:15:00Z", "remediations": [ { "category": "no_fix_planned", "details": "This is a disputed, low-severity OpenSSH <8.9 issue that does not bypass authentication and only arises when a client has explicitly enabled agent forwarding (a non-default setting) and uses FIDO-protected keys without verbose logging. Exploitation further requires the user to connect to an attacker-controlled server intentionally modified to offer the non-standard “none” authentication method, making the scenario high-complexity and environment-specific. With no integrity or availability impact and only limited confidentiality risk via potential misuse of a deliberately forwarded agent, it can be safely deprioritized in managed enterprise VM/server contexts.", "product_ids": [ "Debian-10:openssh-client-1:7.9p1-10+deb10u4+tuxcare.els1.amd64", "Debian-10:openssh-client-1:7.9p1-10+deb10u4+tuxcare.els2.amd64", "Debian-10:openssh-client-1:7.9p1-10+deb10u4.amd64", "Debian-10:openssh-server-1:7.9p1-10+deb10u4+tuxcare.els1.amd64", "Debian-10:openssh-server-1:7.9p1-10+deb10u4+tuxcare.els2.amd64", "Debian-10:openssh-server-1:7.9p1-10+deb10u4.amd64", "Debian-10:openssh-sftp-server-1:7.9p1-10+deb10u4+tuxcare.els1.amd64", "Debian-10:openssh-sftp-server-1:7.9p1-10+deb10u4+tuxcare.els2.amd64", "Debian-10:openssh-sftp-server-1:7.9p1-10+deb10u4.amd64", "Debian-10:openssh-tests-1:7.9p1-10+deb10u4+tuxcare.els1.amd64", "Debian-10:openssh-tests-1:7.9p1-10+deb10u4+tuxcare.els2.amd64", "Debian-10:openssh-tests-1:7.9p1-10+deb10u4.amd64", "Debian-10:ssh-1:7.9p1-10+deb10u4+tuxcare.els1.all", "Debian-10:ssh-1:7.9p1-10+deb10u4+tuxcare.els2.all", "Debian-10:ssh-1:7.9p1-10+deb10u4.all", "Debian-10:ssh-askpass-gnome-1:7.9p1-10+deb10u4+tuxcare.els1.amd64", "Debian-10:ssh-askpass-gnome-1:7.9p1-10+deb10u4+tuxcare.els2.amd64", "Debian-10:ssh-askpass-gnome-1:7.9p1-10+deb10u4.amd64" ] } ], "scores": [ { "cvss_v2": { "accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.6, "baseSeverity": "LOW", "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:H/Au:N/C:P/I:N/A:N", "version": "2.0" }, "cvss_v3": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" }, "products": [ "Debian-10:openssh-client-1:7.9p1-10+deb10u4+tuxcare.els1.amd64", "Debian-10:openssh-client-1:7.9p1-10+deb10u4+tuxcare.els2.amd64", "Debian-10:openssh-client-1:7.9p1-10+deb10u4.amd64", "Debian-10:openssh-server-1:7.9p1-10+deb10u4+tuxcare.els1.amd64", "Debian-10:openssh-server-1:7.9p1-10+deb10u4+tuxcare.els2.amd64", "Debian-10:openssh-server-1:7.9p1-10+deb10u4.amd64", "Debian-10:openssh-sftp-server-1:7.9p1-10+deb10u4+tuxcare.els1.amd64", "Debian-10:openssh-sftp-server-1:7.9p1-10+deb10u4+tuxcare.els2.amd64", "Debian-10:openssh-sftp-server-1:7.9p1-10+deb10u4.amd64", "Debian-10:openssh-tests-1:7.9p1-10+deb10u4+tuxcare.els1.amd64", "Debian-10:openssh-tests-1:7.9p1-10+deb10u4+tuxcare.els2.amd64", "Debian-10:openssh-tests-1:7.9p1-10+deb10u4.amd64", "Debian-10:ssh-1:7.9p1-10+deb10u4+tuxcare.els1.all", "Debian-10:ssh-1:7.9p1-10+deb10u4+tuxcare.els2.all", "Debian-10:ssh-1:7.9p1-10+deb10u4.all", "Debian-10:ssh-askpass-gnome-1:7.9p1-10+deb10u4+tuxcare.els1.amd64", "Debian-10:ssh-askpass-gnome-1:7.9p1-10+deb10u4+tuxcare.els2.amd64", "Debian-10:ssh-askpass-gnome-1:7.9p1-10+deb10u4.amd64" ] } ], "threats": [ { "category": "impact", "details": "Low" } ] } ] }