CVE-2024-48460: Eugeny Tabby Sends Password Despite Host Key Verification Failure

January 17, 2025

An issue in Eugeny Tabby 1.0.213 allows a remote attacker to obtain sensitive information via the server and sends the SSH username and password even when the host key verification fails.

References

github.com/Eugeny/tabby
github.com/Eugeny/tabby/commit/1c077147acd0a6ec9f8ee80d83a3e9688fbb9444
github.com/Eugeny/tabby/issues/9955
github.com/advisories/GHSA-8vq4-8hfp-29xh
nvd.nist.gov/vuln/detail/CVE-2024-48460

Code Behaviors & Features

Detect and mitigate CVE-2024-48460 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →