rssh 2.0 through 2.1.x expands command line arguments before entering a chroot jail, which allows remote authenticated users to determine the existence of files in a directory outside the jail.
https://exchange.xforce.ibmcloud.com/vulnerabilities/16470