CVE-2024-34713 LOW

CVE-2024-34713: sshproxy vulnerable to SSH option injection

Vendor Cea-Hpc
Product sshproxy
Weakness CWE-77
Published May 14, 2024
Last update August 2, 2024

CVSS base score

3.5/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

sshproxy is used on a gateway to transparently proxy a user SSH connection on the gateway to an internal host via SSH. Prior to version 1.6.3, any user authorized to connect to a ssh server using `sshproxy` can inject options to the `ssh` command executed by `sshproxy`. All versions of `sshproxy` are impacted. The problem is patched starting in version 1.6.3. The only workaround is to use the `force_command` option in `sshproxy.yaml`, but it's rarely relevant.

Key dates

02Disclosure timeline

May 14, 2024 CVE published
August 2, 2024 Record updated