VDB
CVE-2020-15778
CVE-2020-15778
PUBLISHED
scp in OpenSSH through 8.3p1 allows command injection in the scp.c toremote function, as demonstrated by backtick characters in the destination argument. NOTE: the vendor reportedly has stated that they intentionally omit validation of "anomalous argument transfers" because that could "stand a great chance of breaking existing workflows."
EPSS 64.28% · 98.5th percentile
Risk Scores
EPSS Score
64.28%
98.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:20.04:LTS | openssh | 0, *, * |
| Ubuntu:18.04:LTS | openssh-ssh1 | 1:7.5p1-8, 1:7.5p1-10, 1:7.5p1-9build1 |
| Ubuntu:Pro:16.04:LTS | openssh | *, 0, 1:6.9p1-2 |
| Ubuntu:Pro:14.04:LTS | openssh | 1:6.6p1-1, 1:6.6p1-2ubuntu2.10, 1:6.6p1-2ubuntu2.8 |
| Ubuntu:20.04:LTS | openssh-ssh1 | 1:7.5p1-11build1, 0 |
| Ubuntu:Pro:18.04:LTS | openssh | 1:7.6p1-4ubuntu0.7+esm2, 1:7.6p1-4ubuntu0.7+esm3, 1:7.6p1-4ubuntu0.7+esm4 |
Timeline
- Jul 24, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Aug 4, 2024 CVE Updated
- Mar 17, 2025 EPSS Score
- Apr 3, 2025 PoC Published
- May 1, 2025 EPSS Score
- Jun 1, 2025 EPSS Score
- Jun 4, 2025 EPSS Score
- Jul 1, 2025 EPSS Score
- Jul 30, 2025 EPSS Score
- Aug 1, 2025 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-15778 third-party-advisory
- https://github.com/cpandya2909/CVE-2020-15778 third-party-advisory
- https://www.openssh.com/security.html third-party-advisory
- https://lwn.net/Articles/835962/ third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-15778 third-party-advisory