CVE-2018-20685
MEDIUM5.3EPSS 3.4%openssh - security update
發布日:2019/1/10修改日:2025/12/3
也稱為:ALPINE-CVE-2018-20685DEBIAN-CVE-2018-20685
描述
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
受影響套件(5)
- Alpine/dropbearfrom 0, < 2019.78-r1
- Alpine/opensshfrom 0, < 7.9_p1-r3
- Debian/opensshfrom 0, < 1:7.9p1-5
- Debian/opensshfrom 0, < 1:6.7p1-5+deb8u8
- Debian/opensshfrom 0, < 1:7.4p1-10+deb9u5
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N |