Vulnerability Details CVE-2019-7639
An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29. If PermitPAMUserChange is set to yes in the /etc/gsissh/sshd_config file, logins succeed with a valid username and an incorrect password, even though a failure entry is recorded in the /var/log/messages file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 56.7%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 4.3
References
Products affected by CVE-2019-7639
-
cpe:2.3:a:gsi-openssh_project:gsi-openssh:7.9
-
cpe:2.3:o:fedoraproject:fedora:28
-
cpe:2.3:o:fedoraproject:fedora:29