Knowledge Base

Vulnerability CVE-2023-51385

Situation

Vulnerability CVE-2023-51385 has been discovered for openssh-server package on Ubuntu/Debian servers.

Impact

In ssh in OpenSSH before 9.6, OS command injection might occur if a user name or host name has shell metacharacters, and this name is referenced by an expansion token in certain situations. For example, an untrusted Git repository can have a submodule with shell metacharacters in a user name or host name.

Call to action

Issue has been fixed and deployed with openssh-server package version 8.2p1-4ubuntu0.11.

If server is up to date, no further action is required.

Additional information

Related Posts

Recommended OSs for Plesk

Using Remote Git Hosting with Plesk

SSL Certificates and Web Security – A Guide

Knowledge Base

How to add programs to chrooted shell environment template in Plesk?

How to install MongoDB database server in Plesk?

How to install different Ruby versions on Plesk server?

All websites hosted in Plesk are not accessible over HTTPS: 502 Bad Gateway or ERR_CONNECTION_REFUSED

Hosting Wiki