Описание
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1:7.6p1-4ubuntu0.2 |
| cosmic | released | 1:7.7p1-4ubuntu0.2 |
| devel | released | 1:7.9p1-5 |
| disco | released | 1:7.9p1-5 |
| eoan | released | 1:7.9p1-5 |
| esm-infra-legacy/trusty | not-affected | 1:6.6p1-2ubuntu2.12 |
| esm-infra/bionic | not-affected | 1:7.6p1-4ubuntu0.2 |
| esm-infra/focal | not-affected | 1:7.9p1-5 |
| esm-infra/xenial | not-affected | 1:7.2p2-4ubuntu2.7 |
| fips-preview/jammy | released | 1:7.9p1-5 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| cosmic | ignored | end of life |
| devel | ignored | |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-apps/bionic | ignored | |
| esm-apps/focal | ignored | |
| esm-apps/jammy | ignored | |
| esm-apps/noble | ignored | |
| esm-infra-legacy/trusty | DNE |
Показывать по
EPSS
2.6 Low
CVSS2
5.3 Medium
CVSS3
Связанные уязвимости
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to b ...
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
Уязвимость средства криптографической защиты OpenSSH, вызваная ошибками при проверке имени каталога scp.c в клиенте scp, позволяющая нарушителю изменить права доступа к целевому каталогу
EPSS
2.6 Low
CVSS2
5.3 Medium
CVSS3