vulnerability
Amazon Linux AMI: CVE-2018-20685: Security patch for openssh (ALAS-2019-1313)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 3 | (AV:N/AC:H/Au:N/C:N/I:P/A:N) | Jan 10, 2019 | Oct 31, 2019 | Oct 31, 2019 |
Severity
3
CVSS
(AV:N/AC:H/Au:N/C:N/I:P/A:N)
Published
Jan 10, 2019
Added
Oct 31, 2019
Modified
Oct 31, 2019
Description
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
Solution
amazon-linux-upgrade-openssh
Rapid7 Labs
2026 Global Threat Landscape Report
The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.