Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2019-14889

Опубликовано: 10 дек. 2019
Источник: nvd
CVSS3: 7.1
CVSS3: 8.8
CVSS2: 9.3
EPSS Низкий

Описание

A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*
Версия до 0.8.8 (исключая)
cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*
Версия от 0.9.0 (включая) до 0.9.3 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:19.10:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Конфигурация 4

Одно из

cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
Конфигурация 5
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
Конфигурация 6
cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*
Версия до 8.0.19 (включая)

EPSS

Процентиль: 69%
0.00624
Низкий

7.1 High

CVSS3

8.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-78
CWE-78

Связанные уязвимости

ubuntu логотип

CVE-2019-14889

CVSS3: 8.8
ubuntu
около 6 лет назад

A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target.

redhat логотип

CVE-2019-14889

CVSS3: 7.1
redhat
около 6 лет назад

A flaw was found with the libssh API function ssh_scp_new() in versions before 0.9.3 and before 0.8.8. When the libssh SCP client connects to a server, the scp command, which includes a user-provided path, is executed on the server-side. In case the library is used in a way where users can influence the third parameter of the function, it would become possible for an attacker to inject arbitrary commands, leading to a compromise of the remote target.

debian логотип

CVE-2019-14889

CVSS3: 8.8
debian
около 6 лет назад

A flaw was found with the libssh API function ssh_scp_new() in version ...

suse-cvrf логотип

openSUSE-SU-2020:0102-1

suse-cvrf
почти 6 лет назад

Security update for libssh

suse-cvrf логотип

openSUSE-SU-2019:2689-1

suse-cvrf
почти 6 лет назад

Security update for libssh

EPSS

Процентиль: 69%
0.00624
Низкий

7.1 High

CVSS3

8.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-78
CWE-78