Post by Mile Stojaković 
June 26, 2020 | 
OpenSSH project had been working on version OpenSSH 8.0p1 in 2019. They published that “scp” protocol thus the “scp” command has a vulnerability with verification of the file name sent by server against the one that client actually requested. This issue was mitigated in OpenSSH 8.0p1 but, was never fully applied across the platforms.
Reference: https://lists.mindrot.org/pipermail/openssh-unix-dev/2019-March/037672.html
An important thing to note is that this is still an ongoing issue with different platforms. RedHat has marked the scp as “Will Not Fix” for Red Hat Enterprise Linux 7 on their official page addressing CVE-2019-6111 in OpenSSH version 7.9.
Emotional statement: as we all loved worked with scp we’ll be monitoring for confirmation that this vulnerability is removed across the platforms and will gladly let you know about it 😉.
Make sure to check out our other tech blog posts!
