Upstream information

CVE-2017-12976 at MITRE

Description

git-annex before 6.20170818 allows remote attackers to execute arbitrary commands via an ssh URL with an initial dash character in the hostname, as demonstrated by an ssh://-eProxyCommand= URL, a related issue to CVE-2017-9800, CVE-2017-12836, CVE-2017-1000116, and CVE-2017-1000117.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having important severity.

CVSS v2 Scores (National Vulnerability Database)

    Base Score: 6.8
    Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
    Access Vector: Network
    Access Complexity: Medium
    Authentication: None
    Confidentiality Impact: Partial
    Integrity Impact: Partial
    Availability Impact: Partial

CVSS v3 Scores (National Vulnerability Database)

    Base Score: 8.8
    Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
    Attack Vector: Network
    Attack Complexity: Low
    Privileges Required: None
    User Interaction: Required
    Scope: Unchanged
    Confidentiality Impact: High
    Integrity Impact: High
    Availability Impact: High
    CVSSv3 Version: 3

SUSE Bugzilla entries: 1052481 [RESOLVED / FIXED], 1052696 [RESOLVED / FIXED], 1052932 [RESOLVED / FIXED], 1053364 [RESOLVED / FIXED], 1053919 [RESOLVED / FIXED], 1054653 [RESOLVED / FIXED], 1066430 [RESOLVED / FIXED], 1071709 [RESOLVED / FIXED]

SUSE Security Advisories:

    openSUSE-SU-2017:2309-1


SUSE Timeline for this CVE

CVE page created: Mon Aug 21 02:44:15 2017
CVE page last modified: Thu Dec 7 13:15:26 2023