2 matches found
Directory Traversal
Overview Affected versions of this package are vulnerable to Directory Traversal via the AuthorizedKeysFile %u token. An attacker can gain unauthorized SSH authentication by supplying a specially crafted username containing path traversal sequences, allowing the server to read an...
GHSA-G794-3FMP-753H AsyncSSH `AuthorizedKeysFile %u` path traversal allows attacker-selected authorized keys to authenticate a traversal username
Summary AsyncSSH 2.22.0 expands the OpenSSH-compatible AuthorizedKeysFile %u token with the raw SSH username during pre-authentication server config reload. A server configured with a documented per-user key pattern such as AuthorizedKeysFile authorizedkeys/%u can be made to read an authorized-ke...