Step CA Improper Authorization Check for SSH Certificate Revocation Vulnerability

Vulnerability

Step CA versions prior to 0.29.0 contain a vulnerability that affects deployments using the SSHPOP provisioner. The flaw is an improper authorization check in the SSH certificate revocation path, which could permit revocation-related actions that the caller is not authorized to perform.

Impact

Exploitation of this vulnerability could lead to improper handling of SSH certificate revocation, potentially allowing unauthorized users to manipulate the revocation status of certificates.

Remediation

Users are advised to upgrade to Step CA version 0.29.0 or later. Instructions for updating can be found in the Step CA repository on GitHub.

Added: Dec 3, 2025, 8:19 PM
Updated: Dec 3, 2025, 8:19 PM

Vulnerability Rating

Custom Algorithm

metric          score
spread          0.0
impact          0.6
exploitability  4.8
remediation     7.7
relevance       1.3
threat          0.0
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to produce these 8 vulnerability categories, which are then combined into the overall risk score.