CVE-2018-20685

Source
Severity High
Remote Yes
Type Insufficient validation
Description
In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty filename.
Group Package Affected Fixed Severity Status Ticket
AVG-951 openssh 7.9p1-1 8.0p1-1 High Fixed
Date Advisory Group Package Severity Description
24 Apr 2019 ASA-201904-11 AVG-951 openssh High multiple issues
References
https://cvsweb.openbsd.org/cgi-bin/cvsweb/src/usr.bin/ssh/scp.c.diff?r1=1.197&r2=1.198&f=h
https://github.com/openssh/openssh-portable/commit/6010c0303a422a9c5fa8860c061bf7105eb7f8b2
https://sintonen.fi/advisories/scp-client-multiple-vulnerabilities.txt