CVE-2023-35812

EUVD-2023-39807
An issue was discovered in the Amazon Linux packages of OpenSSH 7.4 for Amazon Linux 1 and 2, because of an incomplete fix for CVE-2019-6111 within these specific packages. The fix had only covered cases where an absolute path is passed to scp. When a relative path is used, there is no verification that the name of a file received by the client matches the file requested. Fixed packages are available with numbers 7.4p1-22.78.amzn1 and 7.4p1-22.amzn2.0.2.
Path Traversal
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5.3 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 33%
Amazon Linux logo
Amazon Linux Releases
Amazon Package
Release
openssh
Amazon Linux 1
0:7.4p1-22.78.amzn1
fixed
Amazon Linux 2
0:7.4p1-22.amzn2.0.2
fixed
openssh-askpass
Amazon Linux 2
0:7.4p1-22.amzn2.0.2
fixed
openssh-cavs
Amazon Linux 1
0:7.4p1-22.78.amzn1
fixed
Amazon Linux 2
0:7.4p1-22.amzn2.0.2
fixed
openssh-clients
Amazon Linux 1
0:7.4p1-22.78.amzn1
fixed
Amazon Linux 2
0:7.4p1-22.amzn2.0.2
fixed
openssh-debuginfo
Amazon Linux 1
0:7.4p1-22.78.amzn1
fixed
Amazon Linux 2
0:7.4p1-22.amzn2.0.2
fixed
openssh-keycat
Amazon Linux 1
0:7.4p1-22.78.amzn1
fixed
Amazon Linux 2
0:7.4p1-22.amzn2.0.2
fixed
openssh-ldap
Amazon Linux 1
0:7.4p1-22.78.amzn1
fixed
Amazon Linux 2
0:7.4p1-22.amzn2.0.2
fixed
openssh-server
Amazon Linux 1
0:7.4p1-22.78.amzn1
fixed
Amazon Linux 2
0:7.4p1-22.amzn2.0.2
fixed
openssh-server-sysvinit
Amazon Linux 2
0:7.4p1-22.amzn2.0.2
fixed
pam_ssh_agent_auth
Amazon Linux 1
0:0.10.3-2.22.78.amzn1
fixed
Amazon Linux 2
0:0.10.3-2.22.amzn2.0.2
fixed