Description
In OpenDoas from 6.6 to 6.8 the user's PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed the authenticated user to execute specific commands were not affected by this issue.
References
- Patch, Third Party Advisory
- Patch, Third Party Advisory
- Exploit, Issue Tracking, Third Party Advisory
- Release Notes, Third Party Advisory
- Third Party Advisory
Vulnerable configurations
Configuration 1: versions from 6.6 (inclusive) to 6.8 (inclusive)
cpe:2.3:a:opendoas_project:opendoas:*:*:*:*:*:*:*:*
EPSS: 0.01024 (percentile: 77%, Low)
CVSS3: 8.8 High
CVSS2: 6.5 Medium
Weaknesses
CWE-459
Related vulnerabilities
CVSS3: 8.8
debian
about 5 years ago
In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly in ...
CVSS3: 8.8
github
more than 3 years ago
There is an unsafe incomplete reset of PATH in OpenDoas 6.6 through 6.8 when changing the user context.