scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs.
Get an AI-powered plain-language explanation of this vulnerability and remediation steps.
Login to generate AI explanation8 reference(s) from NVD