Description

sshproxy is used on a gateway to transparently proxy a user SSH connection on the gateway to an internal host via SSH. Prior to version 1.6.3, any user authorized to connect to a ssh server using `sshproxy` can inject options to the `ssh` command executed by `sshproxy`. All versions of `sshproxy` are impacted. The problem is patched starting in version 1.6.3. The only workaround is to use the `force_command` option in `sshproxy.yaml`, but it's rarely relevant.

INFO

Published Date :

2024-05-14T14:38:24.770Z

Last Modified :

2024-08-02T02:59:21.984Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-34713 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-34713.

URL Resource
https://github.com/cea-hpc/sshproxy/commit/f7eabd05d5f0f951e160293692327cad9a7d9580 cve-icon cve-icon cve-icon
https://github.com/cea-hpc/sshproxy/security/advisories/GHSA-jmqp-37m5-49wh cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact