CVE-2022-24302

In Paramiko before 2.10.1, a race condition (between creation and chmod) in the writeprivatekey_file function could allow unauthorized information disclosure.

References

Affected packages

Git / github.com/paramiko/paramiko

Affected ranges

Type: GIT
Repo: https://github.com/paramiko/paramiko
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

286bd9f0374922341d48923b0c3ef09aab57919f

Affected versions

1.*

1.10.0

1.10.1

1.10.2

1.10.3

1.10.4

1.10.5

1.10.6

1.10.7

1.11.0

1.11.1

1.11.2

1.11.3

1.11.4

1.11.5

1.11.6

1.12.0

1.12.1

1.12.2

1.12.3

1.12.4

1.13.0

1.13.1

1.13.2

1.13.3

1.13.4

1.14.0

1.14.1

1.14.2

1.14.3

1.15.0

1.15.1

1.15.2

1.15.3

1.15.4

1.15.5

1.16.0

1.16.1

1.16.2

1.16.3

1.17.0

1.17.1

1.17.2

1.17.3

1.18.0

1.18.1

1.7.7.1

1.7.7.2

1.8.0

1.8.1

1.9.0

2.*

2.0.0

2.0.1

2.0.2

2.0.3

2.0.4

2.0.5

2.0.6

2.0.7

2.0.8

2.0.9

2.1.0

2.1.1

2.1.2

2.1.3

2.1.4

2.1.5

2.1.6

2.10.0

2.2.0

2.2.1

2.2.2

2.2.3

2.2.4

2.3.0

2.3.1

2.3.2

2.3.3

2.4.0

2.4.1

2.4.2

2.4.3

2.5.0

2.5.1

2.6.0

2.7.0

2.7.1

2.7.2

2.8.0

2.8.1

2.9.0

2.9.1

2.9.2

Other

initial-merge-from-ssh-done

py3-test-parity

release-1.*

release-1.7.4

release-1.7.5

release-1.7.6

v1.*

v1.10.0

v1.10.1

v1.10.2

v1.10.3

v1.10.4

v1.10.5

v1.10.6

v1.10.7

v1.11.0

v1.11.1

v1.11.2

v1.11.3

v1.11.4

v1.11.5

v1.11.6

v1.12.0

v1.12.1

v1.12.2

v1.12.3

v1.12.4

v1.13.0

v1.13.1

v1.13.2

v1.13.3

v1.13.4

v1.14.0

v1.14.1

v1.14.2

v1.14.3

v1.15.0

v1.15.1

v1.15.2

v1.15.3

v1.15.4

v1.15.5

v1.16.0

v1.16.1

v1.16.2

v1.16.3

v1.17.0

v1.17.1

v1.17.2

v1.17.3

v1.18.0

v1.18.1

v1.7.7.1

v1.7.7.2

v1.8.0

v1.8.1

v1.9.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-24302.json"