CVE-2023-51385

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Dec 18, 2023

Updated: Mar 13, 2024

CWE ID 78

Summary

CVE-2023-51385 is a vulnerability affecting OpenSSH versions prior to 9.6. It allows for OS command injection if a user name or host name contains shell metacharacters and is referenced by an expansion token in specific situations. An attacker could exploit this vulnerability by manipulating an untrusted Git repository, where a submodule has a user name or host name with shell metacharacters. This could potentially result in the execution of arbitrary OS commands, posing a significant security risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

OpenSSH
Debian

Affected Vendors

OpenBSD Project
Debian

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/t2O_t1
https://www.cve.org/CVERecord?id=CVE-2023-51385
https://nvd.nist.gov/vuln/detail/CVE-2023-51385

Back to Vulnerability Database