CVE-2018-7750: Improper Authentication

March 13, 2018 (updated February 28, 2019)

transport.py in the SSH server implementation of Paramiko does not properly check whether authentication is completed before processing other requests, as demonstrated by channel-open. A customized SSH client can simply skip the authentication step.

References

www.securityfocus.com/bid/103713
github.com/paramiko/paramiko/issues/1175
nvd.nist.gov/vuln/detail/CVE-2018-7750
www.exploit-db.com/exploits/45712/

Detect and mitigate CVE-2018-7750 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →