CVE-2023-43809
vulnerability analysis and mitigation

Overview

Soft Serve, a self-hostable Git server for the command line, contained an authentication bypass (CVE-2023-43809) in versions prior to 0.6.2. When keyboard-interactive SSH authentication was enabled through the allow-keyless setting, an unauthenticated remote attacker could bypass public key authentication. The issue particularly affected public keys that require additional client-side verification, such as FIDO2 or GPG keys (GitHub Advisory).

Technical details

SSH public key authentication (RFC 4252, section 7) runs in two steps: the client first asks whether a given public key would be acceptable, without sending a signature, and only afterwards sends a signature over the session identifier that proves possession of the private key. Soft Serve's public key handler kept the key accepted in the first step as the connection's identity and did not discard it if the second step never completed. When keyboard-interactive authentication was enabled via the allow-keyless setting, a client whose client-side verification failed or was cancelled (a FIDO2 touch, a GPG smartcard PIN prompt) could fall back to keyboard-interactive, finish authentication that way, and still carry the never-verified key identity. Because a public key is not a secret, an attacker can offer an authorized user's public key in the query step, never sign, switch to keyboard-interactive, and obtain a session the server treats as that user (NVD). The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Impact

Successful exploitation gives the attacker a session that Soft Serve treats as belonging to the impersonated user, including access to that user's private repositories and, if the user is an administrator, to admin-only settings. The problem was observed with SSH keypairs that require client-side verification before the signature can be produced: passphrase-protected keys, FIDO2 key types (ssh-sk), and GPG keys held on smartcards such as a YubiKey and used through gpg-agent. When that verification failed or was declined, the client fell back to keyboard-interactive and was nonetheless logged in under the key's identity (GitHub Issue).

Mitigation and workarounds

Upgrade to Soft Serve v0.6.2 or later, which contains the patch for this vulnerability. If an immediate upgrade is not possible, disable keyboard-interactive SSH authentication by turning off the allow-keyless setting; this removes the fallback path the bypass depends on, with the side effect that clients without a registered key can no longer authenticate over SSH (GitHub Advisory). The fix adds an authentication middleware that verifies, before the session proceeds, that the public key attached to the session is the key that actually authenticated the SSH connection (GitHub Commit).
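The two-step public key exchange described under Technical details and the middleware-style gate described in the fix above, modelled as an added example. This is illustrative Go written for this page, not Soft Serve's or gliderlabs/ssh's code: the authContext and server types, the fingerprint simplification over raw ed25519 key bytes, the "constructed-session-id" session identifier, and the exact shape of the hardened check (comparing the key in the context against the fingerprint recorded at signature verification) are all assumptions, since the patch itself is not reproduced on this page. The block plays a legitimate signed login and the bypass against the same server and resolves the identity both the vulnerable way and the hardened way.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
)

// authContext: per-connection state kept while the client tries auth methods (constructed for this example, not Soft Serve's type).
type authContext struct {
	offeredKey ed25519.PublicKey // key from the publickey query step, no signature seen yet
	verifiedFP string            // fingerprint recorded only after a signature verified
}

// fingerprint: OpenSSH SHA256 style over the raw key bytes (simplified; real ones hash the SSH wire encoding).
func fingerprint(pk ed25519.PublicKey) string {
	sum := sha256.Sum256(pk)
	return "SHA256:" + base64.RawStdEncoding.EncodeToString(sum[:])
}

type server struct {
	allowKeyless bool              // the allow-keyless setting: keyboard-interactive fallback permitted
	authorized   map[string]string // fingerprint -> username
}

// publicKeyQuery: client asks whether a key would be accepted; the modelled flaw is storing it as the identity before possession is proven.
func (s *server) publicKeyQuery(ctx *authContext, pk ed25519.PublicKey) bool {
	if _, ok := s.authorized[fingerprint(pk)]; !ok {
		return false
	}
	ctx.offeredKey = pk
	return true
}

// publicKeySign: client signs the session identifier; only a verified signature records verifiedFP.
func (s *server) publicKeySign(ctx *authContext, pk ed25519.PublicKey, sessionID, sig []byte) bool {
	if !s.publicKeyQuery(ctx, pk) || !ed25519.Verify(pk, sessionID, sig) {
		return false
	}
	ctx.verifiedFP = fingerprint(pk)
	return true
}

// keyboardInteractive succeeds for anyone when allow-keyless is on; it is meant to grant keyless (anonymous) access only.
func (s *server) keyboardInteractive() bool { return s.allowKeyless }

// vulnerableUser trusts whatever key sits in the context, verified or not.
func (s *server) vulnerableUser(ctx *authContext) string {
	if u, ok := s.authorized[fingerprint(ctx.offeredKey)]; ok {
		return u
	}
	return "anonymous"
}

// fixedUser is the hardened gate (assumed shape, not quoted from the patch): a key in the context is
// honoured only if its fingerprint is the one recorded at signature verification; otherwise refuse.
func (s *server) fixedUser(ctx *authContext) (string, error) {
	if ctx.offeredKey != nil && fingerprint(ctx.offeredKey) != ctx.verifiedFP {
		return "", fmt.Errorf("permission denied: public key in context was never verified")
	}
	return s.vulnerableUser(ctx), nil
}

// Result is what the two identity resolutions decide for one login attempt.
type Result struct{ Vulnerable, Fixed string; Err error }

// RunScenarios plays a legitimate login and the bypass against the same server.
func RunScenarios() (legit, bypass Result) {
	adminPub, adminPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	srv := &server{allowKeyless: true, authorized: map[string]string{fingerprint(adminPub): "admin"}}
	sessionID := []byte("constructed-session-id") // stands in for the real SSH session identifier

	// Legitimate client: query, then prove possession by signing the session identifier.
	ctx := &authContext{}
	srv.publicKeySign(ctx, adminPub, sessionID, ed25519.Sign(adminPriv, sessionID))
	legit = Result{Vulnerable: srv.vulnerableUser(ctx)}
	legit.Fixed, legit.Err = srv.fixedUser(ctx)

	// Attacker: offers admin's public key (not a secret), cannot sign it, falls back to keyboard-interactive.
	ctx = &authContext{}
	srv.publicKeyQuery(ctx, adminPub)
	if srv.keyboardInteractive() {
		bypass = Result{Vulnerable: srv.vulnerableUser(ctx)}
		bypass.Fixed, bypass.Err = srv.fixedUser(ctx)
	}
	return legit, bypass
}

func main() {
	legit, bypass := RunScenarios()
	fmt.Printf("legitimate login: vulnerable=%s fixed=%s err=%v\n", legit.Vulnerable, legit.Fixed, legit.Err)
	fmt.Printf("bypass attempt:   vulnerable=%s fixed=%q err=%v\n", bypass.Vulnerable, bypass.Fixed, bypass.Err)
}
```

The design point is where the identity is bound: the vulnerable resolution binds it at the query step, so any method that later succeeds inherits an unproven key, while the gate refuses a session whose context carries a key that never produced a verified signature. Setting allowKeyless to false in the model removes the fallback entirely, which is the workaround described above.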

Additional resources


This report was generated using AI.
