Description
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Windows, when the mode is ChannelSftp.OVERWRITE, allows remote SFTP servers to write to arbitrary files via a ..\ (dot dot backslash) in a response to a recursive GET command.
A vulnerability was discovered in JSch that allows a malicious sftp server to force a client-side relative path traversal in jsch's implementation for recursive sftp-get. An attacker could leverage this to write files outside the client's download basedir with effective permissions of the jsch sftp client process.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| Red Hat BPM Suite 6 | jsch | Will not fix | ||
| Red Hat Enterprise Linux 5 | jsch | Not affected | ||
| Red Hat Enterprise Linux 6 | jsch | Not affected | ||
| Red Hat Enterprise Linux 7 | jsch | Not affected | ||
| Red Hat JBoss A-MQ 6 | jsch | Will not fix | ||
| Red Hat JBoss BRMS 6 | jsch | Will not fix | ||
| Red Hat JBoss Data Virtualization 6 | jsch | Will not fix | ||
| Red Hat JBoss Fuse 6 | jsch | Will not fix | ||
| Red Hat JBoss Fuse Service Works 6 | jsch | Will not fix | ||
| Red Hat JBoss Operations Network 3 | jsch | Not affected | ||
Additional information
Status:
EPSS
CVSS3: 4.2 Medium
CVSS2: 2.6 Low
Related vulnerabilities
Directory traversal vulnerability in JCraft JSch before 0.1.54 on Wind ...
Improper Limitation of a Pathname to a Restricted Directory in JCraft JSch
Vulnerability in the ChannelSftp.OVERWRITE component of jsch, a Java implementation of SSH2, that allows an attacker to affect the integrity of information