CVE-2023-51385

Updated: 2024-11-21 19:22:32.07337

Description:

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.


Links: NIST, CIRCL, RHEL, Ubuntu

Severity

| CVSS version | Severity | Score |
|---|---|---|
| CVSS Version 2.x | | 0 |
| CVSS Version 3.x | MEDIUM | 6.5 |

Status

| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated |
|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | openssh | 8.7p1 | 6.5 | MEDIUM | Released | CLSA-2023:1703785060 | 2023-12-28 13:08:32 |
| CentOS 6 ELS | openssh | 5.3p1 | 6.5 | MEDIUM | Released | CLSA-2023:1703785140 | 2024-01-10 04:09:43 |
| CentOS 7 ELS | openssh | 7.4p1 | 6.5 | MEDIUM | Released | CLSA-2023:1703612912 | 2023-12-26 13:08:40 |
| CentOS 8.4 ELS | openssh | 8.0p1-6 | 6.5 | MEDIUM | Released | CLSA-2023:1703612125 | 2023-12-26 13:08:39 |
| CentOS 8.5 ELS | openssh | 8.0p1-10 | 6.5 | MEDIUM | Released | CLSA-2023:1703612727 | 2023-12-26 13:08:38 |
| CloudLinux 6 ELS | openssh | 5.3p1 | 6.5 | MEDIUM | Released | CLSA-2023:1703785295 | 2024-01-10 04:09:41 |
| Oracle Linux 6 ELS | openssh | 5.3p1 | 6.5 | MEDIUM | Released | CLSA-2023:1703784959 | 2023-12-28 13:08:34 |
| Ubuntu 16.04 ELS | openssh | 7.2p2 | 6.5 | MEDIUM | Released | CLSA-2023:1703611900 | 2023-12-26 13:08:36 |
| Ubuntu 18.04 ELS | openssh | 7.6p1 | 6.5 | MEDIUM | Released | CLSA-2023:1703610859 | 2023-12-26 13:08:41 |