CVE-2024-34713

sshproxy is used on a gateway to transparently proxy a user SSH connection on the gateway to an internal host via SSH. Prior to version 1.6.3, any user authorized to connect to a ssh server using `sshproxy` can inject options to the `ssh` command executed by `sshproxy`. All versions of `sshproxy` are impacted. The problem is patched starting in version 1.6.3. The only workaround is to use the `force_command` option in `sshproxy.yaml`, but it's rarely relevant.

CVSS v3 3.5 LOW

3.5^/10

CVSS v3 : LOW

Vector :

Exploitability : 2.1 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/cea-hpc/sshproxy/commit/f7eabd05d5f0f951e160293692327cad9a7d9580
https://github.com/cea-hpc/sshproxy/security/advisories/GHSA-jmqp-37m5-49wh
https://github.com/cea-hpc/sshproxy/commit/f7eabd05d5f0f951e160293692327cad9a7d9580
https://github.com/cea-hpc/sshproxy/security/advisories/GHSA-jmqp-37m5-49wh

Configurations

No configuration.

History

21 Nov 2024, 09:19

Type	Values Removed	Values Added
References	~~() https://github.com/cea-hpc/sshproxy/commit/f7eabd05d5f0f951e160293692327cad9a7d9580 -~~	() https://github.com/cea-hpc/sshproxy/commit/f7eabd05d5f0f951e160293692327cad9a7d9580 -
References	~~() https://github.com/cea-hpc/sshproxy/security/advisories/GHSA-jmqp-37m5-49wh -~~	() https://github.com/cea-hpc/sshproxy/security/advisories/GHSA-jmqp-37m5-49wh -

14 May 2024, 19:17

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-05-14 16:17

Updated : 2024-11-21 09:19

NVD link : CVE-2024-34713

Mitre link : CVE-2024-34713

CVE.ORG link : CVE-2024-34713

JSON object : View

Products Affected

No product.

CWE

CWE-77

Improper Neutralization of Special Elements used in a Command ('Command Injection')

{"id": "CVE-2024-34713", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.1}]}, "published": "2024-05-14T16:17:27.147", "references": [{"url": "https://github.com/cea-hpc/sshproxy/commit/f7eabd05d5f0f951e160293692327cad9a7d9580", "source": "security-advisories@github.com"}, {"url": "https://github.com/cea-hpc/sshproxy/security/advisories/GHSA-jmqp-37m5-49wh", "source": "security-advisories@github.com"}, {"url": "https://github.com/cea-hpc/sshproxy/commit/f7eabd05d5f0f951e160293692327cad9a7d9580", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/cea-hpc/sshproxy/security/advisories/GHSA-jmqp-37m5-49wh", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-77"}]}], "descriptions": [{"lang": "en", "value": "sshproxy is used on a gateway to transparently proxy a user SSH connection on the gateway to an internal host via SSH. Prior to version 1.6.3, any user authorized to connect to a ssh server using `sshproxy` can inject options to the `ssh` command executed by `sshproxy`. All versions of `sshproxy` are impacted. The problem is patched starting in version 1.6.3. The only workaround is to use the `force_command` option in `sshproxy.yaml`, but it's rarely relevant."}, {"lang": "es", "value": "sshproxy se utiliza en una puerta de enlace para representar de forma transparente una conexi\u00f3n SSH de usuario en la puerta de enlace a un host interno a trav\u00e9s de SSH. Antes de la versi\u00f3n 1.6.3, cualquier usuario autorizado para conectarse a un servidor ssh usando `sshproxy` pod\u00eda inyectar opciones al comando `ssh` ejecutado por `sshproxy`. Todas las versiones de `sshproxy` se ven afectadas. El problema se solucion\u00f3 a partir de la versi\u00f3n 1.6.3. La \u00fanica soluci\u00f3n es utilizar la opci\u00f3n `force_command` en `sshproxy.yaml`, pero rara vez es relevante."}], "lastModified": "2024-11-21T09:19:14.963", "sourceIdentifier": "security-advisories@github.com"}