CVE-2019-7639

Name: CVE-2019-7639
Creator: NVD / NIST
Published: 2019-02-08T11:29:00.517+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.20%

Last modified Jun 17, 2026

CVE-2019-7639 is a vulnerability of currently unknown severity. An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29. If PermitPAMUserChange is set to yes in the /etc/gsissh/sshd_config file, logins succeed with a valid username and an incorrect password, even though a failure entry is recorded in the /var/log/messages file.. EPSS estimates a 1.20% chance of exploitation in the next 30 days.

Description

An issue was discovered in gsi-openssh-server 7.9p1 on Fedora 29. If PermitPAMUserChange is set to yes in the /etc/gsissh/sshd_config file, logins succeed with a valid username and an incorrect password, even though a failure entry is recorded in the /var/log/messages file.

Metrics

EPSS Probability

1.20%

64.3th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-863

Affected Software

Vendor	Product	Versions	Update
Fedoraproject	Fedora	28	—
Fedoraproject	Fedora	29	—
Gsi-Openssh Project	Gsi-Openssh	7.9	P1

References

https://bugzilla.redhat.com/show_bug.cgi?id=1673802Exploit, Issue Tracking, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1673802Exploit, Issue Tracking, Third Party Advisory

Timeline

Published: Feb 8, 2019
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2019-7639?

How severe is CVE-2019-7639?

Severity scoring for CVE-2019-7639 is pending analysis. The EPSS model estimates a 1.20% probability of exploitation in the next 30 days.

How do I fix CVE-2019-7639?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2019-7639?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST