From 0a6ac5de5488d325c24baea08239482a3c56f212 Mon Sep 17 00:00:00 2001 From: Joe Testa Date: Mon, 21 Feb 2022 21:51:35 -0500 Subject: [PATCH] Updated CVE vulnerability flag. --- src/ssh_audit/versionvulnerabilitydb.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/ssh_audit/versionvulnerabilitydb.py b/src/ssh_audit/versionvulnerabilitydb.py index dafb839..a3095c4 100644 --- a/src/ssh_audit/versionvulnerabilitydb.py +++ b/src/ssh_audit/versionvulnerabilitydb.py @@ -76,7 +76,7 @@ class VersionVulnerabilityDB: # pylint: disable=too-few-public-methods ['1.0', '7.9', 2, 'CVE-2019-6110', 6.8, 'output manipulation'], ['1.0', '7.9', 2, 'CVE-2019-6109', 6.8, 'output manipulation'], ['1.0', '7.9', 2, 'CVE-2018-20685', 5.3, 'directory permissions modification via scp'], - ['5.9', '7.8', 0, 'CVE-2018-15919', 5.3, 'username enumeration via GS2'], + ['5.9', '7.8', 1, 'CVE-2018-15919', 5.3, 'username enumeration via GS2'], ['1.0', '7.7', 1, 'CVE-2018-15473', 5.3, 'enumerate usernames due to timing discrepancies'], ['1.2', '6.292', 1, 'CVE-2017-15906', 5.3, 'readonly bypass via sftp'], ['1.0', '8.7', 1, 'CVE-2016-20012', 5.3, 'enumerate usernames via challenge response'],