CVE-2023-28531 Information

Description

ssh-add in OpenSSH before 9.3 adds smartcard keys to ssh-agent without the intended per-hop destination constraints.

Reference

https://www.openwall.com/lists/oss-security/2023/03/15/8