CVE-2026-44423
- EPSS 0.25%
- Published 13.05.2026 21:07:33
- Last modified 15.05.2026 17:16:32
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated user can read session records (SSH username, device ...
CVE-2026-44424
- EPSS 0.25%
- Published 13.05.2026 21:06:49
- Last modified 18.05.2026 13:35:06
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/devices/:uid returns the full device object whenever the caller is authenticated, without verifying that the device belongs to the caller's namespace (tenant). Any authenticated user (J...
CVE-2026-44426
- EPSS 0.31%
- Published 13.05.2026 21:06:06
- Last modified 14.05.2026 20:14:30
ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/namespaces/:tenant returns the full namespace object — including the members list (user IDs, e-mails, roles), settings, and device counts — to any caller authenticated by an API Key, fo...
CVE-2026-44425
- EPSS 0.25%
- Published 13.05.2026 21:05:07
- Last modified 18.05.2026 13:34:49
ShellHub is a centralized SSH gateway. Prior to 0.24.2, the device list endpoint accepts user-controlled identifiers in the name field of each filter property in the base64-encoded filter query parameter and the sort_by query parameter, which are...