A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.
References
Configurations
History
30 Apr 2024, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 Feb 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Jan 2024, 19:43
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* |
|
CWE | CWE-74 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.8 |
References |
|
|
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2251110 - Issue Tracking | |
References | () https://access.redhat.com/security/cve/CVE-2023-6004 - Vendor Advisory | |
References | () https://www.libssh.org/security/advisories/CVE-2023-6004.txt - Mailing List |
03 Jan 2024, 17:26
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-03 17:15
Updated : 2024-04-30 15:15
NVD link : CVE-2023-6004
Mitre link : CVE-2023-6004
CVE.ORG link : CVE-2023-6004
JSON object : View
Products Affected
redhat
- enterprise_linux
libssh
- libssh
fedoraproject
- fedora
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')