A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.

CPENameOperatorVersion
fedoraeq38
libsshge0.10.0
libsshlt0.10.6
libsshge0.8.0
libsshlt0.9.8
enterprise_linuxeq8.0
enterprise_linuxeq9.0

Name	Operator	Version
fedora	eq	38
libssh	ge	0.10.0
libssh	lt	0.10.6
libssh	ge	0.8.0
libssh	lt	0.9.8
enterprise_linux	eq	8.0
enterprise_linux	eq	9.0

References

access.redhat.com/security/cve/CVE-2023-6004

bugzilla.redhat.com/show_bug.cgi?id=2251110

lists.fedoraproject.org/archives/list/[email protected]/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/

security.netapp.com/advisory/ntap-20240223-0004/

www.libssh.org/security/advisories/CVE-2023-6004.txt

cgr 1

cve 1

redhatcve 1

debiancve 1

wolfi 1

ubuntucve 1

alpinelinux 1

hackerone 1

veracode 1

osv 7

nvd 1

cvelist 1

nessus 29

gentoo 1

oraclelinux 2

ubuntu 2

redos 1

openvas 22

almalinux 2

rocky 1

redhat 7

cloudfoundry 1

mageia 1

slackware 1

fedora 2

debian 1

photon 1

ibm 1

hp 1

oracle 1

cgr

CVE-2023-6004 vulnerabilities

2024-05-19 03:07:16

cve

CVE-2023-6004

2024-01-03 17:15:11

redhatcve

CVE-2023-6004

2023-12-18 22:58:47

debiancve

CVE-2023-6004

2024-01-03 17:15:11

wolfi

CVE-2023-6004 vulnerabilities

2024-06-25 03:08:26

ubuntucve

CVE-2023-6004

2024-01-03 00:00:00

alpinelinux

CVE-2023-6004

2024-01-03 17:15:11

hackerone

Internet Bug Bounty: Command Injection using malicious hostname in expanded proxycommand

2023-12-20 22:05:47

veracode

Command Injection

2023-12-21 09:16:27

osv

CVE-2023-6004

2024-01-03 17:15:11

Low: libssh security update

2024-04-30 00:00:00

libssh vulnerabilities

2024-02-05 13:02:16

nvd

CVE-2023-6004

2024-01-03 17:15:11

cvelist

CVE-2023-6004 Libssh: proxycommand/proxyjump features allow injection of malicious code through hostname

2024-01-03 17:01:38

nessus

Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : libssh vulnerabilities (USN-6592-1)

2024-01-22 00:00:00

CentOS 8 : libssh (CESA-2024:3233)

2024-05-22 00:00:00

Rocky Linux 8 : libssh (RLSA-2024:3233)

2024-06-14 00:00:00

gentoo

libssh: Multiple Vulnerabilities

2023-12-28 00:00:00

oraclelinux

libssh security update

2024-05-23 00:00:00

libssh security update

2024-05-02 00:00:00

ubuntu

libssh vulnerabilities

2024-02-05 00:00:00

libssh vulnerabilities

2024-01-22 00:00:00

redos

ROS-20240328-06

2024-03-28 00:00:00

openvas

Ubuntu: Security Advisory (USN-6592-2)

2024-02-06 00:00:00

Ubuntu: Security Advisory (USN-6592-1)

2024-01-23 00:00:00

Huawei EulerOS: Security Advisory for libssh (EulerOS-SA-2024-1238)

2024-03-12 00:00:00

almalinux

Low: libssh security update

2024-05-22 00:00:00

Low: libssh security update

2024-04-30 00:00:00

rocky

libssh security update

2024-06-14 13:59:16

redhat

(RHSA-2024:2504) Low: libssh security update

2024-04-30 06:15:53

(RHSA-2024:3233) Low: libssh security update

2024-05-22 06:36:02

(RHSA-2024:3368) Important: Errata Advisory for Red Hat OpenShift GitOps v1.12.3 security update

2024-05-28 08:19:54

cloudfoundry

USN-6592-1: libssh vulnerabilities | Cloud Foundry

2024-02-29 00:00:00

mageia

Updated libssh packages fix security vulnerabilities

2023-12-29 20:16:34

slackware

[slackware-security] libssh

2023-12-19 21:31:02

fedora

[SECURITY] Fedora 39 Update: libssh-0.10.6-1.fc39

2023-12-22 02:44:21

[SECURITY] Fedora 38 Update: libssh-0.10.6-2.fc38

2024-01-10 01:52:52

debian

[SECURITY] [DSA 5591-1] libssh security update

2023-12-28 14:27:16

photon

Important Photon OS Security Update - PHSA-2024-3.0-0712

2024-01-12 00:00:00

ibm

Security Bulletin: IBM MQ Operator and Queue manager container images are vulnerable to libssh, Linux-pam ,Kerberos 5, systemd and idna packages/liberaries.

2024-06-17 11:59:28

HP ThinPro 8.0 SP 9 Security Updates

2024-06-17 00:00:00

oracle

Oracle Critical Patch Update Advisory - April 2024

2024-04-16 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

7 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

15.9%

JSON

Related for PRION:CVE-2023-6004