CVE-2023-6004
Public on 2023-12-20
Modified on 2023-12-20
Description
Using the ProxyCommand or the ProxyJump feature enables users to exploit
unchecked hostname syntax on the client, which enables to inject malicious code
into the command of the above-mentioned features through the hostname parameter.
unchecked hostname syntax on the client, which enables to inject malicious code
into the command of the above-mentioned features through the hostname parameter.
Severity
Low
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2023 | libssh | Not Affected |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 3.9 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N |
| NVD | CVSSv3 | 4.8 | CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L |