Launchpad CVE tracker

CVE 2023-28531

ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints. The earliest affected version is 8.9.

Related bugs and status

CVE-2023-28531 (Candidate) is related to these bugs:

Bug #2020560: ssh.service and ssh.socket both running.

Summary				In	Importance	Status
	2020560	ssh.service and ssh.socket both running.		openssh (Ubuntu)	Undecided	Fix Released

Bug #2025664: Merge openssh 1:9.3p1-1 from Debian unstable

Summary				In	Importance	Status
	2025664	Merge openssh 1:9.3p1-1 from Debian unstable		openssh (Ubuntu)	Undecided	Fix Released

Bug #2047315: [Debian] Critical CVE: CVE-2023-51384/CVE-2023-28531/CVE-2023-48795/CVE-2023-51385/CVE-2021-41617 openssh : multiple CVEs

Summary				In	Importance	Status
	2047315	[Debian] Critical CVE: CVE-2023-51384/CVE-2023-28531/CVE-2023-48795/CVE-2023-51385/CVE-2021-41617 openssh : multiple CVEs		StarlingX	High	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2023-28531

References