SecBoard
Zurück zur CVE-Übersicht

CVE-2026-45309

NONE
Risk Signal Score10/100 — NIEDRIG
  • Weniger als 24 Stunden alt

Beschreibung

AsyncSSH is a Python package which provides an asynchronous client and server implementation of the SSHv2 protocol on top of the Python asyncio framework. Prior to 2.23.0, AsyncSSH expands the OpenSSH-compatible AuthorizedKeysFile %u token in asyncssh/config.py, asyncssh/connection.py, asyncssh/auth_keys.py, and asyncssh/misc.py with the raw SSH username during pre-authentication server config reload, allowing a server configured with AuthorizedKeysFile authorized_keys/%u to read an authorized-keys file outside the intended directory when the SSH username contains /, \, or .. path traversal segments and authenticate with an attacker-selected key file. This issue is fixed in version 2.23.0.

GitHub Advisories

GHSA-g794-3fmp-753hMEDIUM

AsyncSSH `AuthorizedKeysFile %u` path traversal allows attacker-selected authorized keys to authenticate a traversal username

pip/asyncssh2.23.0
GitHub Advisory

Referenzen