Vulnerability CVE-2023-51385

Renan Poss Moreira

Updated November 08, 2024 18:27

Plesk for Linux kb: technical

Applicable to:

Plesk for Linux

Situation

Vulnerability CVE-2023-51385 has been discovered for openssh-server package on Ubuntu/Debian servers.

Impact

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.

Call to action

Issue has been fixed and deployed with openssh-server package version 8.2p1-4ubuntu0.11.

If server is up to date, no further action is required.

Additional information

https://ubuntu.com/security/CVE-2023-51385
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-51385