The do_setup_env function in session.c in sshd in OpenSSH through 7.2p2, when the UseLogin feature is enabled and PAM is configured to read .pam_environment files in user home directories, allows. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.
SSH
Privilege Escalation
Debian Linux
Openssh
Ubuntu Core
+2
NVD
VulDB
CVSS 3.0
7.8
EPSS
0.1%