CVE-2023-6004

Опубликовано: 18 дек. 2023

Источник: redhat

CVSS3: 4.8

Описание

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.

Отчет

Despite the potential severity of this issue, the requirement for user interaction to exploit the vulnerability has led to a low severity rating. As a precautionary measure, users are advised to sanitize hostname inputs as a mitigation strategy.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

Платформа	Пакет	Состояние	Рекомендация	Релиз
Red Hat Enterprise Linux 7	libssh	Out of support scope
Red Hat Enterprise Linux 8	libssh	Fixed	RHSA-2024:3233	22.05.2024
Red Hat Enterprise Linux 8	libssh	Fixed	RHSA-2024:3233	22.05.2024
Red Hat Enterprise Linux 9	libssh	Fixed	RHSA-2024:2504	30.04.2024
Red Hat Enterprise Linux 9	libssh	Fixed	RHSA-2024:2504	30.04.2024

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-74

https://bugzilla.redhat.com/show_bug.cgi?id=2251110libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname

4.8 Medium

CVSS3

Связанные уязвимости

CVE-2023-6004

CVSS3: 4.8

ubuntu

больше 1 года назад

CVE-2023-6004

CVSS3: 4.8

nvd

больше 1 года назад

CVE-2023-6004

CVSS3: 4.8

msrc

3 месяца назад

Описание отсутствует

CVE-2023-6004

CVSS3: 4.8

debian

больше 1 года назад

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump ...

GHSA-f35j-mfvw-p857

CVSS3: 3.9

github

больше 1 года назад

4.8 Medium

CVSS3