Skip to main content

Rssh

6 CVEs product

Monthly

CVE-2019-3464 CRITICAL Act Now

Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rssh Debian Linux Fedora Ubuntu Linux
NVD
CVSS 3.1
9.8
EPSS
4.7%
CVE-2019-3463 CRITICAL Act Now

Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rssh Debian Linux Fedora Ubuntu Linux
NVD
CVSS 3.1
9.8
EPSS
4.9%
CVE-2019-1000018 HIGH POC This Week

rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Rssh Debian Linux Fedora Ubuntu Linux
NVD GitHub
CVSS 3.1
7.8
EPSS
1.9%
CVE-2012-2252 MEDIUM This Month

Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option. Rated medium severity (CVSS 4.4). No vendor patch available.

Authentication Bypass Rssh
NVD
CVSS 2.0
4.4
EPSS
0.1%
CVE-2012-2251 MEDIUM This Month

rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option. Rated medium severity (CVSS 4.4). No vendor patch available.

Debian Authentication Bypass Rssh
NVD
CVSS 2.0
4.4
EPSS
0.0%
CVE-2012-3478 LOW Monitor

rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Rssh
NVD
CVSS 2.0
2.1
EPSS
0.1%
EPSS 5% CVSS 9.8
CRITICAL Act Now

Insufficient sanitization of environment variables passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rssh Debian Linux +2
NVD
EPSS 5% CVSS 9.8
CRITICAL Act Now

Insufficient sanitization of arguments passed to rsync can bypass the restrictions imposed by rssh, a restricted shell that should restrict users to perform only rsync operations, resulting in the. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Rssh Debian Linux +2
NVD
EPSS 2% CVSS 7.8
HIGH POC This Week

rssh version 2.3.4 contains a CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') vulnerability in allowscp permission that can result in Local command. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Rssh Debian Linux +2
NVD GitHub
EPSS 0% CVSS 4.4
MEDIUM This Month

Incomplete blacklist vulnerability in rssh before 2.3.4, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via the --rsh command line option. Rated medium severity (CVSS 4.4). No vendor patch available.

Authentication Bypass Rssh
NVD
EPSS 0% CVSS 4.4
MEDIUM This Month

rssh 2.3.2, as used by Debian, Fedora, and others, when the rsync protocol is enabled, allows local users to bypass intended restricted shell access via a (1) "-e" or (2) "--" command line option. Rated medium severity (CVSS 4.4). No vendor patch available.

Debian Authentication Bypass Rssh
NVD
EPSS 0% CVSS 2.1
LOW Monitor

rssh 2.3.3 and earlier allows local users to bypass intended restricted shell access via crafted environment variables in the command line. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Rssh
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy