CNNVD-202512-337 Information
Dec 03, 2025
cve
CNNVD ID
CNNVD-202512-337
Related CVE
- CNNVD Published: 2025-12-03
Description (Chinese)
Smallstep step-ca是美国Smallstep公司的一个面向DevOps的安全、自动化证书管理的在线证书颁发机构。 Smallstep step-ca 0.29.0之前版本存在安全漏洞,该漏洞源于SSH证书撤销授权检查不当,可能导致未授权访问。
Description (English)
Smallstep step-ca is an online certification agency for the security, automated certificate management of DevOps at Smallstep, United States. There was a security loophole in the pre-Smallstep step-ca 0.29.0 version, which stemmed from improper de-licensing of SSH certificates, which could lead to unauthorized access.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Smallstep
Published
2025-12-03
Last Modified
2026-02-24
References
https://github.com/smallstep/certificates/security/advisories/GHSA-j7c9-79x7-8hpr
Patch
https://github.com/smallstep/certificates/releases
Share on: