CVE-2024-34713
3.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Summary
sshproxy is used on a gateway to transparently proxy a user SSH connection on the gateway to an internal host via SSH. Prior to version 1.6.3, any user authorized to connect to a ssh server using sshproxy can inject options to the ssh command executed by sshproxy. All versions of sshproxy are impacted. The problem is patched starting in version 1.6.3. The only workaround is to use the force_command option in sshproxy.yaml, but it's rarely relevant.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| cea-hpc | sshproxy | < 1.6.3 | affected |
Weaknesses
- CWE-77: CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://github.com/cea-hpc/sshproxy/security/advisories/GHSA-jmqp-37m5-49wh
- https://github.com/cea-hpc/sshproxy/commit/f7eabd05d5f0f951e160293692327cad9a7d9580
References
- https://github.com/cea-hpc/sshproxy/security/advisories/GHSA-jmqp-37m5-49wh
- https://github.com/cea-hpc/sshproxy/commit/f7eabd05d5f0f951e160293692327cad9a7d9580
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.