CVSS2: AV:L/AC:M/Au:N/C:P/I:P/A:P

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |

CVSS3: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Metric | Value |
---|---|
Attack Vector | LOCAL |
Attack Complexity | HIGH |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |

Score | Measure | Value |
---|---|---|
AI Score | Confidence | High |
EPSS | Percentile | 67.9% |

It was discovered that OpenSSH incorrectly handled supplemental groups when
running helper programs for AuthorizedKeysCommand and
AuthorizedPrincipalsCommand as a different user. An attacker could possibly
use this issue to escalate privileges. This issue only affected Ubuntu
20.04 LTS. (CVE-2021-41617)

It was discovered that OpenSSH incorrectly added destination constraints
when PKCS#11 token keys were added to ssh-agent, contrary to expectations.
This issue only affected Ubuntu 22.04 LTS, and Ubuntu 23.04.
(CVE-2023-51384)

It was discovered that OpenSSH incorrectly handled user names or host names
with shell metacharacters. An attacker could possibly use this issue to
perform OS command injection. (CVE-2023-51385)

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
Ubuntu | 23.10 | noarch | openssh-client | < 1:9.3p1-1ubuntu3.2 | UNKNOWN |
Ubuntu | 23.10 | noarch | openssh-client-dbgsym | < 1:9.3p1-1ubuntu3.2 | UNKNOWN |
Ubuntu | 23.10 | noarch | openssh-server | < 1:9.3p1-1ubuntu3.2 | UNKNOWN |
Ubuntu | 23.10 | noarch | openssh-server-dbgsym | < 1:9.3p1-1ubuntu3.2 | UNKNOWN |
Ubuntu | 23.10 | noarch | openssh-sftp-server | < 1:9.3p1-1ubuntu3.2 | UNKNOWN |
Ubuntu | 23.10 | noarch | openssh-sftp-server-dbgsym | < 1:9.3p1-1ubuntu3.2 | UNKNOWN |
Ubuntu | 23.10 | noarch | openssh-tests | < 1:9.3p1-1ubuntu3.2 | UNKNOWN |
Ubuntu | 23.10 | noarch | openssh-tests-dbgsym | < 1:9.3p1-1ubuntu3.2 | UNKNOWN |
Ubuntu | 23.10 | noarch | ssh | < 1:9.3p1-1ubuntu3.2 | UNKNOWN |
Ubuntu | 23.10 | noarch | ssh-askpass-gnome | < 1:9.3p1-1ubuntu3.2 | UNKNOWN |