Candidate: CVE-2020-9355
PublicDate: 2020-02-23 02:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-9355
 https://github.com/danfruehauf/NetworkManager-ssh/pull/98
 https://github.com/danfruehauf/NetworkManager-ssh/commit/5d88cd89795352b5df54cc0ebb6a0076b8c89ee4
 https://bugzilla.redhat.com/show_bug.cgi?id=1803499
 https://github.com/danfruehauf/NetworkManager-ssh/releases/tag/1.2.11
Description:
 danfruehauf NetworkManager-ssh before 1.2.11 allows privilege escalation
 because extra options are mishandled.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_network-manager-ssh:
upstream_network-manager-ssh: released (1.2.11-1)
precise/esm_network-manager-ssh: DNE
trusty_network-manager-ssh: ignored (out of standard support)
trusty/esm_network-manager-ssh: DNE
xenial_network-manager-ssh: ignored (end of standard support, was needed)
bionic_network-manager-ssh: needed
eoan_network-manager-ssh: ignored (reached end-of-life)
focal_network-manager-ssh: not-affected (1.2.11-1)
groovy_network-manager-ssh: not-affected (1.2.11-1)
hirsute_network-manager-ssh: not-affected (1.2.11-1)
impish_network-manager-ssh: not-affected (1.2.11-1)
jammy_network-manager-ssh: not-affected (1.2.11-1)
devel_network-manager-ssh: not-affected (1.2.11-1)