vulnerability
CentOS Linux: CVE-2018-20685: Moderate: openssh security, bug fix, and enhancement update (CESA-2019:3702)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 3 | (AV:N/AC:H/Au:N/C:N/I:P/A:N) | Jan 10, 2019 | Nov 6, 2019 | May 25, 2023 |
Severity
3
CVSS
(AV:N/AC:H/Au:N/C:N/I:P/A:N)
Published
Jan 10, 2019
Added
Nov 6, 2019
Modified
May 25, 2023
Description
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename. The impact is modifying the permissions of the target directory on the client side.
Solution(s)
centos-upgrade-opensshcentos-upgrade-openssh-askpasscentos-upgrade-openssh-askpass-debuginfocentos-upgrade-openssh-cavscentos-upgrade-openssh-cavs-debuginfocentos-upgrade-openssh-clientscentos-upgrade-openssh-clients-debuginfocentos-upgrade-openssh-debuginfocentos-upgrade-openssh-debugsourcecentos-upgrade-openssh-keycatcentos-upgrade-openssh-keycat-debuginfocentos-upgrade-openssh-ldapcentos-upgrade-openssh-ldap-debuginfocentos-upgrade-openssh-servercentos-upgrade-openssh-server-debuginfocentos-upgrade-pam_ssh_agent_authcentos-upgrade-pam_ssh_agent_auth-debuginfo
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.