MGASA-2018-0204

Advisory lineage Upstream: 1 Downstream: 0

Upstream

CVE-2018-7750

Published: 15 Apr 2018, 13:33

Last modified:16 Apr 2026, 06:22

Vulnerability Summary

Overall Risk (default)

minimal

0/100

CVSS Score

No data

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

15 Apr 2018, 13:33

Published

Vulnerability first disclosed

16 Apr 2026, 06:22

Last Modified

Vulnerability information updated

Description

Updated python-paramiko packages fix security vulnerability A flaw was found in the implementation of `transport.py` in Paramiko, which did not properly check whether authentication was completed before processing other requests. A customized SSH client could simply skip the authentication step (CVE-2018-7750). This flaw is a user authentication bypass in the SSH Server functionality of Paramiko. Where Paramiko is used only for its client-side functionality (e.g. `paramiko.SSHClient`), the vulnerability is not exposed and thus cannot be exploited.

Affected Systems

mageia•python-paramiko
< 2.0.8-1.mga6

MGASA-2018-0204

Vulnerability Summary

Timeline

Description

Affected Systems

References (3)