CVE-2018-20685
MEDIUM5.3EPSS 3.4%openssh - security update
Published: 1/10/2019Modified: 4/28/2026
Description
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
Affected packages (5)
- Alpine/dropbearfrom 0, < 2019.78-r1
- Alpine/opensshfrom 0, < 7.9_p1-r3
- Debian/opensshfrom 0, < 1:7.9p1-5
- Debian/opensshfrom 0, < 1:6.7p1-5+deb8u8
- Debian/opensshfrom 0, < 1:7.4p1-10+deb9u5
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N |