scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
References
Link | Resource |
---|---|
https://access.redhat.com/errata/RHSA-2024:3166 | |
https://github.com/cpandya2909/CVE-2020-15778/ | Exploit Third Party Advisory |
https://news.ycombinator.com/item?id=25005567 | Third Party Advisory |
https://security.gentoo.org/glsa/202212-06 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20200731-0007/ | Third Party Advisory |
https://www.openssh.com/security.html | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-07-24T00:00:00
Updated: 2024-06-04T17:12:18.895Z
Reserved: 2020-07-15T00:00:00
Link: CVE-2020-15778
JSON object: View
NVD Information
Status : Modified
Published: 2020-07-24T14:15:12.450
Modified: 2024-06-04T19:17:00.783
Link: CVE-2020-15778
JSON object: View
Redhat Information
No data.
CWE