Your submission was sent successfully! Close

You have successfully unsubscribed! Close

CVE-2023-22809

Published: 18 January 2023

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.

Priority

Medium

Cvss 3 Severity Score

7.8

Score breakdown

Status

Package Release Status
sudo
Launchpad, Ubuntu, Debian
bionic
Released (1.8.21p2-3ubuntu1.5)
focal
Released (1.8.31-1ubuntu1.4)
jammy
Released (1.9.9-1ubuntu2.2)
kinetic
Released (1.9.11p3-1ubuntu1.1)
trusty
Released (1.8.9p5-1ubuntu1.5+esm7)
upstream
Released (1.9.12p2)
xenial
Released (1.8.16-0ubuntu1.10+esm1)
Patches:
upstream: https://www.sudo.ws/repos/sudo/rev/2ca90805f471

Severity score breakdown

Parameter Value
Base score 7.8
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction None
Scope Unchanged
Confidentiality High
Integrity impact High
Availability impact High
Vector CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H