CVE-2024-34713

Опубликовано: 14 мая 2024

Источник: nvd

CVSS3: 3.5

EPSS Низкий

Описание

sshproxy is used on a gateway to transparently proxy a user SSH connection on the gateway to an internal host via SSH. Prior to version 1.6.3, any user authorized to connect to a ssh server using sshproxy can inject options to the ssh command executed by sshproxy. All versions of sshproxy are impacted. The problem is patched starting in version 1.6.3. The only workaround is to use the force_command option in sshproxy.yaml, but it's rarely relevant.

Ссылки

https://github.com/cea-hpc/sshproxy/commit/f7eabd05d5f0f951e160293692327cad9a7d9580
https://github.com/cea-hpc/sshproxy/security/advisories/GHSA-jmqp-37m5-49wh
https://github.com/cea-hpc/sshproxy/commit/f7eabd05d5f0f951e160293692327cad9a7d9580
https://github.com/cea-hpc/sshproxy/security/advisories/GHSA-jmqp-37m5-49wh

EPSS

Процентиль: 50%

0.0027

Низкий

3.5 Low

CVSS3

Дефекты

CWE-77

Связанные уязвимости

GHSA-jmqp-37m5-49wh