scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
scponly scponly 2.3 |
||
scponly scponly 2.4 |