A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2023-6004 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2251110 | Issue Tracking |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ | Mailing List Vendor Advisory |
https://security.netapp.com/advisory/ntap-20240223-0004/ | |
https://www.libssh.org/security/advisories/CVE-2023-6004.txt | Mailing List |
Configurations
History
23 Feb 2024, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
16 Jan 2024, 19:43
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.8 |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ - Mailing List, Vendor Advisory |
11 Jan 2024, 19:18
Type | Values Removed | Values Added |
---|---|---|
References | () https://access.redhat.com/security/cve/CVE-2023-6004 - Vendor Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2251110 - Issue Tracking | |
References | () https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/ - Vendor Advisory | |
References | () https://www.libssh.org/security/advisories/CVE-2023-6004.txt - Mailing List | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.8 |
CPE | cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* |
|
First Time |
Redhat enterprise Linux
Libssh libssh Fedoraproject Redhat Libssh Fedoraproject fedora |
10 Jan 2024, 03:15
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
|
References |
|
03 Jan 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-03 17:15
Updated : 2024-02-23 16:15
NVD link : CVE-2023-6004
Mitre link : CVE-2023-6004
CVE.ORG link : CVE-2023-6004
JSON object : View
Products Affected
redhat
- enterprise_linux
libssh
- libssh
fedoraproject
- fedora
CWE
CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')