CVE-2018-15919
ADVISORY - nistSummary
Remotely observable behaviour in auth-gss2.c in OpenSSH through 7.8 could be used by remote attackers to detect existence of users on a target system when GSS2 is in use. NOTE: the discoverer states 'We understand that the OpenSSH developers do not want to treat such a username enumeration (or "oracle") as a vulnerability.'
EPSS Score: 0.00257 (0.659)
Common Weakness Enumeration (CWE)
ADVISORY - nist
Exposure of Sensitive Information to an Unauthorized Actor
ADVISORY - redhat
Exposure of Sensitive Information to an Unauthorized Actor
Sign in to Docker Scout
See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.
Sign in