Updated: 2024-11-21 19:22:32.07337
Description:
In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.
Links | NIST | CIRCL | RHEL | Ubuntu |
CVSS version | Severity | Score |
---|---|---|
CVSS Version 2.x | 0 | |
CVSS Version 3.x | MEDIUM | 6.5 |
OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
---|---|---|---|---|---|---|---|---|
AlmaLinux 9.2 ESU | openssh | 8.7p1 | 6.5 | MEDIUM | Released | CLSA-2023:1703785060 | 2023-12-28 13:08:32 | |
CentOS 6 ELS | openssh | 5.3p1 | 6.5 | MEDIUM | Released | CLSA-2023:1703785140 | 2024-01-10 04:09:43 | |
CentOS 7 ELS | openssh | 7.4p1 | 6.5 | MEDIUM | Released | CLSA-2023:1703612912 | 2023-12-26 13:08:40 | |
CentOS 8.4 ELS | openssh | 8.0p1-6 | 6.5 | MEDIUM | Released | CLSA-2023:1703612125 | 2023-12-26 13:08:39 | |
CentOS 8.5 ELS | openssh | 8.0p1-10 | 6.5 | MEDIUM | Released | CLSA-2023:1703612727 | 2023-12-26 13:08:38 | |
CloudLinux 6 ELS | openssh | 5.3p1 | 6.5 | MEDIUM | Released | CLSA-2023:1703785295 | 2024-01-10 04:09:41 | |
Oracle Linux 6 ELS | openssh | 5.3p1 | 6.5 | MEDIUM | Released | CLSA-2023:1703784959 | 2023-12-28 13:08:34 | |
Ubuntu 16.04 ELS | openssh | 7.2p2 | 6.5 | MEDIUM | Released | CLSA-2023:1703611900 | 2023-12-26 13:08:36 | |
Ubuntu 18.04 ELS | openssh | 7.6p1 | 6.5 | MEDIUM | Released | CLSA-2023:1703610859 | 2023-12-26 13:08:41 | |