OpenSSH before 2.9.9, when running sftp using sftp-server and using restricted keypairs, allows remote authenticated users to bypass authorized_keys2 command= restrictions using sftp commands.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Openssh | Openbsd | * | 2.9.9 (including) |