CVE-2020-15778
Public on 2020-07-24
Modified on 2023-07-03
Description
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
The OpenSSH project has concluded that fixing CVE-2020-15778 would break backward compatibility and Amazon Linux agrees. No fix is planned for Amazon Linux at this time.
Users that are concerned about this specific vector are encouraged to use sftp or rsync over ssh.
The OpenSSH project has concluded that fixing CVE-2020-15778 would break backward compatibility and Amazon Linux agrees. No fix is planned for Amazon Linux at this time.
Users that are concerned about this specific vector are encouraged to use sftp or rsync over ssh.
Severity
Important
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | openssh | No Fix Planned | ||
| Amazon Linux 2 - Core | openssh | No Fix Planned | ||
| Amazon Linux 2023 | openssh | No Fix Planned |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| NVD | CVSSv3 | 7.8 | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| NVD | CVSSv2 | 6.8 | AV:N/AC:M/Au:N/C:P/I:P/A:P |