  1. JITL - JobScheduler Integrated Template Library
  2. JITL-737

Update sshj 0.37.0 to 0.38.0 due to 3rd party vulnerability issue CVE-2023-48795


Details

    • Fix
    • Status: Released
    • Minor
    • Resolution: Fixed
    • 2.5.7, 2.6.4
    • 2.5.8, 2.6.5, 2.7.0
    • None
    • CVE-2023-48795

    Description

      Current Situation

      Currently the JITL Jobs use sshj 0.37.0, which is affected by a vulnerability in the SSH Binary Packet Protocol (BPP).

      A vulnerability affects this library: https://nvd.nist.gov/vuln/detail/CVE-2023-48795

      Desired Behavior

      We rate the issue as low because, although components like sshj may be affected, the problem lies not in the component used but in the underlying protocol.

      Workaround

      Customers who think they may be affected can work around the issue by updating the OpenSSH Server used in their environment to a version newer than 9.6.

          People

            Santiago Aucejo Petzoldt
            Pratishtha Pandey