Vulnerability details: VCID-bcaw-57uz-aaan
Vulnerability ID VCID-bcaw-57uz-aaan
Aliases CVE-2023-6004
Summary A flaw was found in libssh. By utilizing the ProxyCommand or ProxyJump feature, users can exploit unchecked hostname syntax on the client. This issue may allow an attacker to inject malicious code into the command of the features mentioned through the hostname parameter.
Status Published
Exploitability 0.5
Weighted Severity 4.3
Risk 2.1
System Score Found at
cvssv3.1 4.8 https://access.redhat.com/errata/RHSA-2024:2504
ssvc Track https://access.redhat.com/errata/RHSA-2024:2504
cvssv3.1 4.8 https://access.redhat.com/errata/RHSA-2024:3233
ssvc Track https://access.redhat.com/errata/RHSA-2024:3233
cvssv3 4.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6004.json
cvssv3.1 4.8 https://access.redhat.com/security/cve/CVE-2023-6004
ssvc Track https://access.redhat.com/security/cve/CVE-2023-6004
epss 0.00029 https://api.first.org/data/v1/epss?cve=CVE-2023-6004
epss 0.00037 https://api.first.org/data/v1/epss?cve=CVE-2023-6004
epss 0.00045 https://api.first.org/data/v1/epss?cve=CVE-2023-6004
epss 0.00048 https://api.first.org/data/v1/epss?cve=CVE-2023-6004
epss 0.00051 https://api.first.org/data/v1/epss?cve=CVE-2023-6004
epss 0.00053 https://api.first.org/data/v1/epss?cve=CVE-2023-6004
epss 0.00064 https://api.first.org/data/v1/epss?cve=CVE-2023-6004
epss 0.00066 https://api.first.org/data/v1/epss?cve=CVE-2023-6004
epss 0.00069 https://api.first.org/data/v1/epss?cve=CVE-2023-6004
epss 0.00075 https://api.first.org/data/v1/epss?cve=CVE-2023-6004
cvssv3.1 4.8 https://bugzilla.redhat.com/show_bug.cgi?id=2251110
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2251110
cvssv3.1 4.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 4.8 https://nvd.nist.gov/vuln/detail/CVE-2023-6004
cvssv3.1 4.8 https://nvd.nist.gov/vuln/detail/CVE-2023-6004
cvssv3.1 4.8 https://www.libssh.org/security/advisories/CVE-2023-6004.txt
ssvc Track https://www.libssh.org/security/advisories/CVE-2023-6004.txt
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6004.json
https://access.redhat.com/security/cve/CVE-2023-6004
https://api.first.org/data/v1/epss?cve=CVE-2023-6004
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-48795
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6004
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6918
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LZQVUHWVWRH73YBXUQJOD6CKHDQBU3DM/
https://security.netapp.com/advisory/ntap-20240223-0004/
https://www.libssh.org/security/advisories/CVE-2023-6004.txt
1059061 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059061
2251110 https://bugzilla.redhat.com/show_bug.cgi?id=2251110
cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:libssh:libssh:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*
cpe:/a:redhat:enterprise_linux:8::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream
cpe:/a:redhat:enterprise_linux:9::appstream https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream
cpe:/o:redhat:enterprise_linux:7 https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8::baseos https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8::baseos
cpe:/o:redhat:enterprise_linux:9::baseos https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9::baseos
CVE-2023-6004 https://nvd.nist.gov/vuln/detail/CVE-2023-6004
RHSA-2024:2504 https://access.redhat.com/errata/RHSA-2024:2504
RHSA-2024:3233 https://access.redhat.com/errata/RHSA-2024:3233
USN-6592-1 https://usn.ubuntu.com/6592-1/
USN-6592-2 https://usn.ubuntu.com/6592-2/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L Found at https://access.redhat.com/errata/RHSA-2024:2504
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-10T20:45:01Z/ Found at https://access.redhat.com/errata/RHSA-2024:2504
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L Found at https://access.redhat.com/errata/RHSA-2024:3233
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-10T20:45:01Z/ Found at https://access.redhat.com/errata/RHSA-2024:3233
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-6004.json
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L Found at https://access.redhat.com/security/cve/CVE-2023-6004
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-10T20:45:01Z/ Found at https://access.redhat.com/security/cve/CVE-2023-6004
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L Found at https://bugzilla.redhat.com/show_bug.cgi?id=2251110
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-10T20:45:01Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2251110
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2023-6004
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L Found at https://www.libssh.org/security/advisories/CVE-2023-6004.txt
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-01-10T20:45:01Z/ Found at https://www.libssh.org/security/advisories/CVE-2023-6004.txt
Exploit Prediction Scoring System (EPSS)
Percentile 0.04913
EPSS Score 0.00029
Published At April 2, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2024-01-03T19:05:38.309604+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/edge/community.json 34.0.0rc1