Skip to content

v0.8.1
Compare
Choose a tag to compare
@github-actions github-actions released this 27 Sep 20:39
· 167 commits to main since this release
v0.8.1
8b91e4a

Security fixes

CVE-2023-43660

The SSH key verification for a user could be bypassed by sending an SSH key offer without a signature. This allowed bypassing authentication completely under following conditions:

  • The attacker knows the username and a valid target name
  • The attacked knows the user's public key
  • Only SSH public key authentication is required for the user account

Fixes

  • dec0b97: Fix redirection with a relative location (Nicolas SEYS) #896
Assets 6
Loading