Improper Privilege Management The advisory has been revoked - it doesn't affect any version of package openssh Open this link in a new tab

Threat Intelligence

EPSS 0.06% (22^nd percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications

Snyk ID SNYK-UBUNTU2204-OPENSSH-2775193
published 29 Sep 2021
disclosed 26 Sep 2021

Report a new vulnerability Found a mistake?

Introduced: 26 Sep 2021

CVE-2021-41617 Open this link in a new tab CWE-269 Open this link in a new tab

Amendment

The Ubuntu security team deemed this advisory irrelevant for Ubuntu:22.04.

NVD Description

Note: Versions mentioned in the description apply only to the upstream openssh package and not the openssh package as distributed by Ubuntu.

sshd in OpenSSH 6.2 through 8.x before 8.8, when certain non-default configurations are used, allows privilege escalation because supplemental groups are not initialized as expected. Helper programs for AuthorizedKeysCommand and AuthorizedPrincipalsCommand may run with privileges associated with group memberships of the sshd process, if the configuration specifies running the command as a different user.

Improper Privilege Management The advisory has been revoked - it doesn't affect any version of package openssh Open this link in a new tab

Threat Intelligence

Introduced: 26 Sep 2021

Amendment

NVD Description

References