https://bugzilla.redhat.com/show_bug.cgi?id=1375941
Eric Christensen sparks@redhat.com changed:
What: Whiteboard

Removed:
  impact=low,public=20160831,reported=20160906,source=mageia,
  cvss2=2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N,
  cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N,
  cwe=CWE-22,
  fedora-all/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,
  bpms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,
  brms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,
  amq-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,
  jdv-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,
  fsw-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,
  fuse-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,
  jon-3/jsch=notaffected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,
  openshift-enterprise-2/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,
  rhel-5/jsch=wontfix/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,
  rhel-6/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,
  rhel-7/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,
  rhn_satellite_6/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,
  rhev-m-4/jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,
  dts-3/jsch=wontfix/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N,
  rhscl-2/rh-java-common-jsch=affected/impact=moderate/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

Added:
  impact=low,public=20160831,reported=20160906,source=mageia,
  cvss2=2.6/AV:N/AC:H/Au:N/C:N/I:P/A:N,
  cvss3=4.2/CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N,
  cwe=CWE-22,
  fedora-all/jsch=affected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,
  bpms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,
  brms-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,
  amq-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,
  jdv-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,
  fsw-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,
  fuse-6/jsch=wontfix/cvss2=2.1/AV:N/AC:H/Au:S/C:N/I:P/A:N,
  jon-3/jsch=notaffected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,
  openshift-enterprise-2/jsch=affected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,
  rhel-5/jsch=wontfix/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,
  rhel-6/jsch=affected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,
  rhel-7/jsch=affected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,
  rhn_satellite_6/jsch=affected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,
  rhev-m-4/jsch=affected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,
  dts-3/jsch=wontfix/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate,
  rhscl-2/rh-java-common-jsch=affected/cvss3=5.9/CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N/impact=moderate

--- Doc Text *updated* ---
A vulnerability was discovered in JSch that allows a malicious sftp server to force a client-side relative path traversal in jsch's implementation for recursive sftp-get. An attacker could leverage this to write files outside the client's download basedir with effective permissions of the jsch sftp client process.

java-sig-commits@lists.fedoraproject.org
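
A client-side containment check for the class of bug described in the Doc Text (CWE-22), as an added example that is not JSch's code or its actual fix: every file name returned by the server during a recursive get is treated as untrusted and must resolve inside the download base directory. The class name, `resolveInside`, the `downloads` directory and the sample names are assumptions constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.List;

public class SafeDownloadPath {

    /**
     * Map a file name received from the remote server onto a local path,
     * refusing anything that would land outside baseDir.
     */
    static Path resolveInside(Path baseDir, String remoteName) throws IOException {
        Path base = baseDir.toAbsolutePath().normalize();
        // A directory-listing entry should be a single name, never a path.
        if (remoteName.isEmpty() || remoteName.equals(".") || remoteName.equals("..")
                || remoteName.contains("/") || remoteName.contains("\\")
                || remoteName.indexOf('\0') >= 0) {
            throw new IOException("rejected remote name: " + remoteName);
        }
        Path target = base.resolve(remoteName).normalize();
        // Defense in depth: the normalized result must still be under base.
        if (!target.startsWith(base)) {
            throw new IOException("path escapes download dir: " + remoteName);
        }
        return target;
    }

    public static void main(String[] args) {
        Path base = Paths.get("downloads"); // hypothetical download basedir
        // Constructed names, as an untrusted server might return them in a listing.
        List<String> names = List.of("report.txt", "../outside.txt",
                "sub/../../outside.txt", "..", "notes.md");
        for (String name : names) {
            try {
                System.out.println("OK      " + name + " -> " + resolveInside(base, name));
            } catch (IOException e) {
                System.out.println("BLOCKED " + e.getMessage());
            }
        }
    }
}
```

The check is lexical only; it does not account for symbolic links that already exist under the base directory.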