Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-20685

Опубликовано: 10 янв. 2019
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 2.6
CVSS3: 5.3

Описание

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

РелизСтатусПримечание
bionic

released

1:7.6p1-4ubuntu0.2
cosmic

released

1:7.7p1-4ubuntu0.2
devel

released

1:7.9p1-5
disco

released

1:7.9p1-5
eoan

released

1:7.9p1-5
esm-infra-legacy/trusty

not-affected

1:6.6p1-2ubuntu2.12
esm-infra/bionic

not-affected

1:7.6p1-4ubuntu0.2
esm-infra/focal

not-affected

1:7.9p1-5
esm-infra/xenial

not-affected

1:7.2p2-4ubuntu2.7
fips-preview/jammy

released

1:7.9p1-5

Показывать по

РелизСтатусПримечание
bionic

ignored

end of standard support, was needs-triage
cosmic

ignored

end of life
devel

ignored

disco

ignored

end of life
eoan

ignored

end of life
esm-apps/bionic

ignored

esm-apps/focal

ignored

esm-apps/jammy

ignored

esm-apps/noble

ignored

esm-infra-legacy/trusty

DNE

Показывать по

EPSS

Процентиль: 88%
0.03744
Низкий

2.6 Low

CVSS2

5.3 Medium

CVSS3

Связанные уязвимости

CVSS3: 5.3
redhat
почти 7 лет назад

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

CVSS3: 5.3
nvd
больше 6 лет назад

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

CVSS3: 5.3
debian
больше 6 лет назад

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to b ...

CVSS3: 5.3
github
больше 3 лет назад

In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.

CVSS3: 5.3
fstec
почти 7 лет назад

Уязвимость средства криптографической защиты OpenSSH, вызваная ошибками при проверке имени каталога scp.c в клиенте scp, позволяющая нарушителю изменить права доступа к целевому каталогу

EPSS

Процентиль: 88%
0.03744
Низкий

2.6 Low

CVSS2

5.3 Medium

CVSS3