Assigner | mitre |
Reserved | 2023-06-17 |
Published | 2024-04-03 |
Updated | 2024-04-03 |
Description
An issue was discovered in the Amazon Linux packages of OpenSSH 7.4 for Amazon Linux 1 and 2, because of an incomplete fix for CVE-2019-6111 within these specific packages. The fix had only covered cases where an absolute path is passed to scp. When a relative path is used, there is no verification that the name of a file received by the client matches the file requested. Fixed packages are available with numbers 7.4p1-22.78.amzn1 and 7.4p1-22.amzn2.0.2.
CVSS:3.1/AC:H/AV:N/A:N/C:N/I:H/PR:N/S:U/UI:R |
References
https://alas.aws.amazon.com/cve/html/CVE-2023-35812.html