Security Advisory

CVE-2024-34713

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-05-14 14:38:24

Last updated 2024-08-02 02:59:21

Assigner GitHub_M

State PUBLISHED

Description

sshproxy is used on a gateway to transparently proxy a user SSH connection on the gateway to an internal host via SSH. Prior to version 1.6.3, any user authorized to connect to a ssh server using `sshproxy` can inject options to the `ssh` command executed by `sshproxy`. All versions of `sshproxy` are impacted. The problem is patched starting in version 1.6.3. The only workaround is to use the `force_command` option in `sshproxy.yaml`, but its rarely relevant.

← Browse all CVEs View on cve.org ↗