Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2023-22809

Опубликовано: 18 янв. 2023
Источник: ubuntu
Приоритет: medium
EPSS Средний
CVSS3: 7.8

Описание

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.

РелизСтатусПримечание
bionic

released

1.8.21p2-3ubuntu1.5
devel

released

1.9.11p3-1ubuntu3
esm-infra-legacy/trusty

not-affected

1.8.9p5-1ubuntu1.5+esm7
esm-infra/bionic

not-affected

1.8.21p2-3ubuntu1.5
esm-infra/focal

not-affected

1.8.31-1ubuntu1.4
esm-infra/xenial

released

1.8.16-0ubuntu1.10+esm1
focal

released

1.8.31-1ubuntu1.4
jammy

released

1.9.9-1ubuntu2.2
kinetic

released

1.9.11p3-1ubuntu1.1
lunar

released

1.9.11p3-1ubuntu3

Показывать по

Ссылки на источники

EPSS

Процентиль: 97%
0.43244
Средний

7.8 High

CVSS3

Связанные уязвимости

redhat логотип

CVE-2023-22809

CVSS3: 7.8
redhat
больше 2 лет назад

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.

nvd логотип

CVE-2023-22809

CVSS3: 7.8
nvd
больше 2 лет назад

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.

debian логотип

CVE-2023-22809

CVSS3: 7.8
debian
больше 2 лет назад

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extr ...

suse-cvrf логотип

SUSE-SU-2023:0117-1

suse-cvrf
больше 2 лет назад

Security update for sudo

suse-cvrf логотип

SUSE-SU-2023:0116-1

suse-cvrf
больше 2 лет назад

Security update for sudo

EPSS

Процентиль: 97%
0.43244
Средний

7.8 High

CVSS3