CVE-2023-7090

🗓️ 23 Dec 2023 22:33:13Reported by redhatType

A flaw in sudo handling of ipa_hostname, leading to privilege mismanagement vulnerability

Reporter	Title	Published	Views	Family All 32
ATTACKERKB	CVE-2023-7090	23 Dec 202323:15	–	attackerkb
AstraLinux	Astra Linux - уязвимость в sudo	3 May 202623:59	–	astralinux
Circl	CVE-2023-7090	24 Dec 202300:26	–	circl
CNNVD	sudo security vulnerability	23 Dec 202300:00	–	cnnvd
Cvelist	CVE-2023-7090 Sudo: improper handling of ipa_hostname leads to privilege mismanagement	23 Dec 202322:33	–	cvelist
Debian	[SECURITY] [DLA 3732-1] sudo security update	3 Feb 202409:27	–	debian
Debian CVE	CVE-2023-7090	23 Dec 202322:33	–	debiancve
Tenable Nessus	Debian dla-3732 : sudo - security update	3 Feb 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : sudo (EulerOS-SA-2024-1187)	8 Feb 202400:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : sudo (EulerOS-SA-2024-1207)	8 Feb 202400:00	–	nessus

NVD

Node

sudo_project sudoRange<1.8.28

[
  {
    "product": "sudo",
    "vendor": "n/a",
    "versions": [
      {
        "version": "1.8.28",
        "status": "unaffected"
      }
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 6",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "sudo",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:6"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 7",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "sudo",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:7"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 8",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "sudo",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:8"
    ]
  },
  {
    "vendor": "Red Hat",
    "product": "Red Hat Enterprise Linux 9",
    "collectionURL": "https://access.redhat.com/downloads/content/package-browser/",
    "packageName": "sudo",
    "defaultStatus": "unaffected",
    "cpes": [
      "cpe:/o:redhat:enterprise_linux:9"
    ]
  },
  {
    "product": "Fedora",
    "vendor": "Fedora",
    "collectionURL": "https://packages.fedoraproject.org/",
    "packageName": "sudo",
    "defaultStatus": "unaffected"
  },
  {
    "product": "Fedora",
    "vendor": "Fedora",
    "collectionURL": "https://packages.fedoraproject.org/",
    "packageName": "freeipa",
    "defaultStatus": "unaffected"
  }
]

Source	Link
sudo	www.sudo.ws/releases/legacy/
bugzilla	www.bugzilla.redhat.com/show_bug.cgi
lists	www.lists.debian.org/debian-lts-announce/2024/02/msg00002.html
security	www.security.netapp.com/advisory/ntap-20240208-0001/
access	www.access.redhat.com/security/cve/CVE-2023-7090

21 Nov 2024 08:45Current

7.3High risk

Vulners AI Score7.3

CVSS 3.16.6 - 8.8

EPSS0.00082

CWE-269