Address CVE 2023-48795 with paramiko upgrade #6430

Closed
bari12 opened this issue Dec 20, 2023 · 2 comments

bari12 commented Dec 20, 2023

Description

See https://terrapin-attack.com

SSH authentication against Rucio is a rarely, if at all, used feature and it is not clear if the functionality we use would be affected by this vulnerability (it is a rather complex attack vector, likely not exploitable by an anonymous attacker). However, updating the dependency is the prudent thing to do.

Steps to reproduce

none

Rucio Version

33, 32 LTS and 1.29 LTS

Additional Information

No response

@bari12 bari12 added bug Release management LTS Issue must be included in LTS release line labels Dec 20, 2023
@bari12 bari12 self-assigned this Dec 20, 2023
@bari12 bari12 added this to the 33.2.0 milestone Dec 20, 2023
@bari12 bari12 closed this as completed Dec 20, 2023
@bari12 bari12 added the backport Issues which are backported to additional releases label Dec 22, 2023

bari12 commented Dec 22, 2023

Backport 32.7.0


bari12 commented Dec 22, 2023

Backport 1.29.16
