Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2023-22809HistoryJan 18, 2023 - 5:15 p.m.
CVE-2023-22809
2023-01-1817:15:10
Debian Security Bug Tracker
security-tracker.debian.org
38
0.001 Low
EPSS
Percentile
19.0%
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a “–” argument that defeats a protection mechanism, e.g., an EDITOR=‘vim – /path/to/extra/file’ value.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | sudo | < 1.9.12p2-1 | sudo_1.9.12p2-1_all.deb |
| Debian | 11 | all | sudo | < 1.9.5p2-3+deb11u1 | sudo_1.9.5p2-3+deb11u1_all.deb |
| Debian | 10 | all | sudo | < 1.8.27-1+deb10u5 | sudo_1.8.27-1+deb10u5_all.deb |
| Debian | 999 | all | sudo | < 1.9.12p2-1 | sudo_1.9.12p2-1_all.deb |
| Debian | 13 | all | sudo | < 1.9.12p2-1 | sudo_1.9.12p2-1_all.deb |
Related
oraclelinux
oraclelinux
sudo security update
2023-01-23 00:00:00
sudo security update
2023-01-23 00:00:00
sudo security update
2023-01-24 00:00:00
nessus
nessus
EulerOS 2.0 SP9 : sudo (EulerOS-SA-2023-1459)
2023-03-08 00:00:00
Oracle Linux 7 : sudo (ELSA-2023-0291)
2023-01-24 00:00:00
CentOS 9 : sudo-1.9.5p2-9.el9
2024-02-29 00:00:00
fedora
fedora
[SECURITY] Fedora 36 Update: sudo-1.9.12-2.p2.fc36
2023-02-05 01:54:10
[SECURITY] Fedora 37 Update: sudo-1.9.12-1.p2.fc37
2023-01-22 01:52:00
ubuntu
ubuntu
Sudo vulnerability
2023-01-30 00:00:00
Sudo vulnerability
2023-01-18 00:00:00
Sudo vulnerabilities
2023-01-18 00:00:00
openvas
openvas
Debian: Security Advisory (DLA-3272-1)
2023-01-19 00:00:00
Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2023-2173)
2023-06-09 00:00:00
Huawei EulerOS: Security Advisory for sudo (EulerOS-SA-2023-1611)
2023-04-13 00:00:00
debian
debian
[SECURITY] [DLA 3272-1] sudo security update
2023-01-18 16:30:36
[SECURITY] [DSA 5321-1] sudo security update
2023-01-18 15:39:45
redhat
redhat
(RHSA-2023:3276) Important: sudo security update
2023-05-23 13:49:27
(RHSA-2023:0284) Important: sudo security update
2023-01-23 08:23:15
(RHSA-2023:0280) Important: sudo security update
2023-01-23 08:22:47
osv
osv
Important: sudo security update
2023-01-23 08:23:15
CVE-2023-22809
2023-01-18 17:15:10
sudo - security update
2023-01-18 00:00:00
cvelist
cvelist
CVE-2023-22809
2023-01-18 00:00:00
veracode
veracode
Privilege Escalation
2023-01-20 21:08:45
packetstorm
packetstorm
Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification
2023-08-18 00:00:00
Sudoedit Extra Arguments Privilege Escalation
2023-05-23 00:00:00
sudo 1.9.12p1 Privilege Escalation
2023-04-03 00:00:00
centos
centos
sudo security update
2023-01-30 16:44:19
metasploit
metasploit
Sudoedit Extra Arguments Priv Esc
2023-04-25 08:37:33
alpinelinux
alpinelinux
CVE-2023-22809
2023-01-18 17:15:10
githubexploit
githubexploit
Exploit for Improper Privilege Management in Sudo Project Sudo
2023-02-22 17:50:03
Exploit for Improper Privilege Management in Sudo Project Sudo
2023-07-10 06:38:14
Exploit for Improper Privilege Management in Sudo Project Sudo
2023-06-08 18:39:44
redhatcve
redhatcve
CVE-2023-22809
2023-01-18 16:36:30
korelogic
korelogic
zdt
zdt
Sudoedit Extra Arguments Privilege Escalation Exploit
2023-05-23 00:00:00
sudo 1.8.0 to 1.9.12p1 - Privilege Escalation Exploit
2023-04-03 00:00:00
prion
prion
Design/Logic Flaw
2023-01-18 17:15:00
redos
redos
ROS-20230124-01
2023-01-24 00:00:00
rocky
rocky
sudo security update
2023-01-23 08:22:52
sudo security update
2023-01-23 08:23:15
cbl_mariner
cbl_mariner
CVE-2023-22809 affecting package sudo 1.9.12p1-1
2023-03-02 04:18:33
CVE-2023-22809 affecting package sudo for versions less than 1.9.12p2-1
2023-02-24 01:54:46
cve
cve
CVE-2023-22809
2023-01-18 17:15:10
gentoo
gentoo
sudo: Root Privilege Escalation
2023-05-03 00:00:00
mageia
mageia
Updated sudo packages fix security vulnerability
2023-01-24 10:58:25
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2023-06-02 16:20:56
f5
f5
K000132667 : Sudo vulnerability CVE-2023-22809
2023-02-20 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2075
2023-01-31 12:50:07
Advisory ROSA-SA-2024-2396
2024-04-11 07:39:43
amazon
amazon
Important: sudo
2023-03-02 22:36:00
Important: sudo
2023-01-31 20:44:00
almalinux
almalinux
Important: sudo security update
2023-01-23 00:00:00
Important: sudo security update
2023-01-23 00:00:00
paloalto
paloalto
Impact of Sudo Vulnerability CVE-2023-22809
2023-02-08 17:00:00
ubuntucve
ubuntucve
CVE-2023-22809
2023-01-18 00:00:00
cloudlinux
cloudlinux
sudo: Fix of CVE-2023-22809
2023-02-09 23:32:51
exploitdb
exploitdb
sudo 1.8.0 to 1.9.12p1 - Privilege Escalation
2023-04-03 00:00:00
cloudfoundry
cloudfoundry
USN-5811-1: Sudo vulnerabilities | Cloud Foundry
2023-02-24 00:00:00
ibm
ibm
photon
photon
Critical Photon OS Security Update - PHSA-2023-0316
2023-01-18 00:00:00
Important Photon OS Security Update - PHSA-2023-0518
2023-01-19 00:00:00
Critical Photon OS Security Update - PHSA-2023-4.0-0316
2023-01-18 00:00:00
mmpc
mmpc
Uncursing the ncurses: Memory corruption vulnerabilities found in library
2023-09-14 11:30:00
mssecure
mssecure
Uncursing the ncurses: Memory corruption vulnerabilities found in library
2023-09-14 11:30:00
apple
apple
About the security content of macOS Ventura 13.4
2023-05-18 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00