CVE-2020-15778
Description
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of anomalous argument transfers because that could stand a great chance of breaking existing workflows.
Risk Information
Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
61.479
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| openssh update (TU-CESAS-0016) openssh-8.0p1-24.el8.x86_64.rpm | Linux |
| openssh update (TU-CESAS-0016) openssh-keycat-8.0p1-24.el8.x86_64.rpm | Linux |
| openssh update (TU-CESAS-0016) openssh-server-8.0p1-24.el8.x86_64.rpm | Linux |
| openssh update (TU-CESAS-0016) openssh-askpass-8.0p1-24.el8.x86_64.rpm | Linux |
| openssh update (TU-CESAS-0016) openssh-clients-8.0p1-24.el8.x86_64.rpm | Linux |
| python3 update (TU-CESAS-0021) python3-pip-9.0.3-24.el8.noarch.rpm | Linux |
| openssh update (TU-CESAS-0021) openssh-cavs-8.0p1-24.el8.x86_64.rpm | Linux |
| openssh update (TU-CESAS-0021) openssh-ldap-8.0p1-24.el8.x86_64.rpm | Linux |
| python3 update (TU-CESAS-0021) python3-pip-wheel-9.0.3-24.el8.noarch.rpm | Linux |
| (RHSA-2024:3166)Moderate: security update openssh-8.0p1-24.el8.x86_64.rpm | Linux |
| (RHSA-2024:3166)Moderate: security update openssh-askpass-8.0p1-24.el8.x86_64.rpm | Linux |
| (RHSA-2024:3166)Moderate: security update openssh-askpass-debuginfo-8.0p1-24.el8.x86_64.rpm | Linux |
| (RHSA-2024:3166)Moderate: security update openssh-cavs-8.0p1-24.el8.x86_64.rpm | Linux |
| (RHSA-2024:3166)Moderate: security update openssh-cavs-debuginfo-8.0p1-24.el8.x86_64.rpm | Linux |
| (RHSA-2024:3166)Moderate: security update openssh-clients-8.0p1-24.el8.x86_64.rpm | Linux |
| (RHSA-2024:3166)Moderate: security update openssh-clients-debuginfo-8.0p1-24.el8.x86_64.rpm | Linux |
| (RHSA-2024:3166)Moderate: security update openssh-debuginfo-8.0p1-24.el8.x86_64.rpm | Linux |
| (RHSA-2024:3166)Moderate: security update openssh-debugsource-8.0p1-24.el8.x86_64.rpm | Linux |
| (RHSA-2024:3166)Moderate: security update openssh-keycat-8.0p1-24.el8.x86_64.rpm | Linux |
| (RHSA-2024:3166)Moderate: security update openssh-keycat-debuginfo-8.0p1-24.el8.x86_64.rpm | Linux |
| (RHSA-2024:3166)Moderate: security update openssh-ldap-8.0p1-24.el8.x86_64.rpm | Linux |
| (RHSA-2024:3166)Moderate: security update openssh-ldap-debuginfo-8.0p1-24.el8.x86_64.rpm | Linux |
| (RHSA-2024:3166)Moderate: security update openssh-server-8.0p1-24.el8.x86_64.rpm | Linux |
| (RHSA-2024:3166)Moderate: security update openssh-server-debuginfo-8.0p1-24.el8.x86_64.rpm | Linux |
| (RHSA-2024:3166)Moderate: security update pam_ssh_agent_auth-0.10.3-7.24.el8.x86_64.rpm | Linux |
| (RHSA-2024:3166)Moderate: security update pam_ssh_agent_auth-debuginfo-0.10.3-7.24.el8.x86_64.rpm | Linux |
| Openssh update (ELSA-2024-3166) openssh-8.0p1-24.0.1.el8.x86_64.rpm | Linux |
| Openssh-askpass update (ELSA-2024-3166) openssh-askpass-8.0p1-24.0.1.el8.x86_64.rpm | Linux |
| Openssh-cavs update (ELSA-2024-3166) openssh-cavs-8.0p1-24.0.1.el8.x86_64.rpm | Linux |
| Openssh-clients update (ELSA-2024-3166) openssh-clients-8.0p1-24.0.1.el8.x86_64.rpm | Linux |
| Openssh-keycat update (ELSA-2024-3166) openssh-keycat-8.0p1-24.0.1.el8.x86_64.rpm | Linux |
| Openssh-ldap update (ELSA-2024-3166) openssh-ldap-8.0p1-24.0.1.el8.x86_64.rpm | Linux |
| Openssh-server update (ELSA-2024-3166) openssh-server-8.0p1-24.0.1.el8.x86_64.rpm | Linux |
| Pam_ssh_agent_auth update (ELSA-2024-3166) pam_ssh_agent_auth-0.10.3-7.24.0.1.el8.x86_64.rpm | Linux |
| Moderate: openssh security update openssh-8.0p1-24.el8.x86_64.rpm | Linux |
| Moderate: openssh security update openssh-askpass-8.0p1-24.el8.x86_64.rpm | Linux |
| Moderate: openssh security update openssh-cavs-8.0p1-24.el8.x86_64.rpm | Linux |
| Moderate: openssh security update openssh-clients-8.0p1-24.el8.x86_64.rpm | Linux |
| Moderate: openssh security update openssh-keycat-8.0p1-24.el8.x86_64.rpm | Linux |
| Moderate: openssh security update openssh-ldap-8.0p1-24.el8.x86_64.rpm | Linux |
| Moderate: openssh security update openssh-server-8.0p1-24.el8.x86_64.rpm | Linux |
| Moderate: openssh security update pam_ssh_agent_auth-0.10.3-7.24.el8.x86_64.rpm | Linux |
| openssh security update (RLSA-2024:3166) openssh-keycat-8.0p1-24.el8.x86_64.rpm | Linux |
| openssh security update (RLSA-2024:3166) openssh-clients-8.0p1-24.el8.x86_64.rpm | Linux |
| openssh security update (RLSA-2024:3166) openssh-cavs-8.0p1-24.el8.x86_64.rpm | Linux |
| openssh security update (RLSA-2024:3166) openssh-askpass-8.0p1-24.el8.x86_64.rpm | Linux |
| openssh security update (RLSA-2024:3166) openssh-8.0p1-24.el8.x86_64.rpm | Linux |
| openssh security update (RLSA-2024:3166) pam_ssh_agent_auth-0.10.3-7.24.el8.x86_64.rpm | Linux |
| openssh security update (RLSA-2024:3166) openssh-server-8.0p1-24.el8.x86_64.rpm | Linux |
| openssh security update (RLSA-2024:3166) openssh-ldap-8.0p1-24.el8.x86_64.rpm | Linux |
| Improper Neutralization of Special Elements used in an OS Command (OS Command Injection) Vulnerability (CVE-2020-15778) | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234