CVE-2024-48460
MEDIUMtabby-ssh < 1.0.214 - Improper Certificate Validation
Title source: llmDescription
An issue in Eugeny Tabby 1.0.213 allows a remote attacker to obtain sensitive information via the server and sends the SSH username and password even when the host key verification fails.
References (1)
Core 1
Core References
Issue Tracking
https://github.com/Eugeny/tabby/issues/9955
Scores
CVSS v3
4.3
EPSS
0.0035
EPSS Percentile
26.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
total
Details
CWE
CWE-295
Status
published
Products (1)
npm/tabby-ssh
0 - 1.0.214npm
Published
Jan 16, 2025
Tracked Since
Feb 18, 2026