Severity by source
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
MITM over network-reachable SSH justifies AV:N with AC:H for the on-path requirement; no auth or UI; scope changes as poisoned mirrors affect downstream consumers, with high C/I and no availability impact.
Primary rating from Vendor (LY-Corporation).
CVSS VectorVendor: LY-Corporation
CVSS:4.0/AV:A/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:H/SI:H/SA:L/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
1DescriptionCVE.org
A vulnerability has been identified in centraldogma-server-mirror-git versions prior to 0.84.0, where the Git mirror SSH client does not verify remote host keys for git+ssh:// connections, allowing an on-path attacker to perform man-in-the-middle attacks and compromise mirrored repositories.
AnalysisAI
Man-in-the-middle attacks against LY Corporation's Central Dogma server can compromise mirrored Git repositories in versions of the centraldogma-server-mirror-git module prior to 0.84.0, because the embedded SSH client accepts any host key presented over git+ssh:// connections. An on-path attacker between Central Dogma and the upstream Git server can impersonate that server, inject malicious commits, and silently poison every downstream consumer that reads from the mirror. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires (1) Central Dogma operators to have configured at least one Git mirror source using the git+ssh:// scheme - HTTPS mirrors and locally configured repositories are not affected; (2) the attacker to occupy an on-path network position between the Central Dogma server and the upstream SSH Git endpoint at the moment the mirror pull occurs (captured by AV:A and AT:P in the vendor vector); and (3) the running centraldogma-server-mirror-git version to be earlier than 0.84.0. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The vendor-supplied CVSS 4.0 score of 8.8 reflects unauthenticated, no-interaction exploitation (PR:N/UI:N) with high confidentiality and integrity impact on both the vulnerable and subsequent systems (VC:H/VI:H, SC:H/SI:H) - appropriate because compromised mirrored repos cascade into every consumer of the configuration data. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker who controls a hop between the Central Dogma server and its upstream Git host - for example a compromised router, a rogue Wi-Fi or VPN gateway, or an internal pivot - intercepts the outbound SSH handshake for a git+ssh:// mirror pull and presents their own SSH host key, which the client accepts without complaint. The attacker proxies traffic to the real server while substituting commits that, for instance, change a feature flag, inject a malicious config value, or alter a Kubernetes manifest, and Central Dogma replicates the poisoned content to every consuming service. … |
| Remediation | Vendor-released patch: Central Dogma 0.84.0 - upgrade the centraldogma-server-mirror-git component to 0.84.0 or later per advisory GHSA-vjfw-cpmh-xwv3 (https://github.com/line/centraldogma/security/advisories/GHSA-vjfw-cpmh-xwv3). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all Central Dogma server deployments and identify instances running versions below 0.84.0. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Central Dogma
View allCluster-wide remote code execution in LY Corporation's centraldogma-server prior to 0.84.0 occurs when ZooKeeper replica
Central Dogma allows privilege escalation with mirroring to the internal dogma repository that has a file managing the a
LDAP injection in Central Dogma's Apache Shiro-based authentication module exposes unauthenticated remote attackers to a
Central Dogma versions before 0.78.0 contain an Open Redirect vulnerability that allows attackers to redirect users to u
Central Dogma versions prior to 0.64.1 is vulnerable to Cross-Site Scripting (XSS), which could allow for the leakage of
Cross-site scripting vulnerability in Central Dogma 0.17.0 to 0.40.1 allows remote attackers to inject arbitrary web scr
Same weakness CWE-322 – Key Exchange without Entity Authentication
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38206