Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-6004

Опубликовано: 18 дек. 2023
Источник: redhat
CVSS3: 4.8
EPSS Низкий

Описание

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.

Отчет

Despite the potential severity of this issue, the requirement for user interaction to exploit the vulnerability has led to a low severity rating. As a precautionary measure, users are advised to sanitize hostname inputs as a mitigation strategy.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options don't meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 7libsshOut of support scope
Red Hat Enterprise Linux 8libsshFixedRHSA-2024:323322.05.2024
Red Hat Enterprise Linux 8libsshFixedRHSA-2024:323322.05.2024
Red Hat Enterprise Linux 9libsshFixedRHSA-2024:250430.04.2024
Red Hat Enterprise Linux 9libsshFixedRHSA-2024:250430.04.2024

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-74
https://bugzilla.redhat.com/show_bug.cgi?id=2251110libssh: ProxyCommand/ProxyJump features allow injection of malicious code through hostname

EPSS

Процентиль: 16%
0.00051
Низкий

4.8 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-6004

CVSS3: 4.8
ubuntu
почти 2 года назад

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.

nvd логотип

CVE-2023-6004

CVSS3: 4.8
nvd
почти 2 года назад

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.

msrc логотип

CVE-2023-6004

CVSS3: 4.8
msrc
8 месяцев назад

Описание отсутствует

debian логотип

CVE-2023-6004

CVSS3: 4.8
debian
почти 2 года назад

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump ...

github логотип

GHSA-f35j-mfvw-p857

CVSS3: 3.9
github
почти 2 года назад

A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.

EPSS

Процентиль: 16%
0.00051
Низкий

4.8 Medium

CVSS3