CVE-2020-15778

Sažetak

scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."

Reference

https://access.redhat.com/errata/RHSA-2024:3166
https://github.com/cpandya2909/CVE-2020-15778/
https://news.ycombinator.com/item?id=25005567
https://security.gentoo.org/glsa/202212-06
https://security.netapp.com/advisory/ntap-20200731-0007/
https://www.openssh.com/security.html

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

04-08-2024 - 14:15

Objavljeno

24-07-2020 - 14:15