ShellHub: Cross-tenant IDOR in `GET /api/sessions/:uid` discloses SSH session data

6.5 / 10

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Description

ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated user can read session records (SSH username, device UID, remote IP, terminal type, authenticated flag, timestamps) belonging to any other namespace. This vulnerability is fixed in 0.24.2.

Basic Information

ID CVE-2026-44423

Source GitHub_M

Published May 13, 2026 at 21:07

Affected Product

Vendor shellhub-io

Product shellhub

Version < 0.24.2

Affected Versions shellhub-io shellhub < 0.24.2

CWE Classification

CWE-639

References

github.com /shellhub-io/shellhub/security/advisories/GHSA-9w9c-9w8m-w89q

{
    "lastseen": "",
    "description": "ShellHub is a centralized SSH gateway. Prior to 0.24.2, GET /api/sessions/:uid returns the full session object for any authenticated caller, without scoping by the caller's tenant. An authenticated user can read session records (SSH username, device UID, remote IP, terminal type, authenticated flag, timestamps) belonging to any other namespace. This vulnerability is fixed in 0.24.2.",
    "published": "2026-05-13T21:07:33.174Z",
    "modified": "2026-05-13T21:07:33.174Z",
    "type": "cve",
    "title": "ShellHub: Cross-tenant IDOR in `GET /api/sessions/:uid` discloses SSH session data",
    "source": "GitHub_M",
    "references": "https://github.com/shellhub-io/shellhub/security/advisories/GHSA-9w9c-9w8m-w89q",
    "id": "CVE-2026-44423",
    "bulletinFamily": "",
    "cwe": [
        "CWE-639"
    ],
    "cvelist": null,
    "sourceData": "shellhub-io shellhub < 0.24.2",
    "sourceHref": "",
    "cvss": {
        "score": 6.5,
        "severity": "MEDIUM",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "shellhub",
    "version": "< 0.24.2",
    "vendor": "shellhub-io",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

ShellHub: Cross-tenant IDOR in `GET /api/sessions/:uid` discloses SSH session data_CVE-2026-44423