4.4 Medium
CVSS2
Access Vector
LOCAL
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P
0.0005 Low
EPSS
Percentile
15.8%
Todd Miller reports:
Beginning with sudo version 1.7.0 it has been possible
to grant permission to run a command using a specified
group via sudo’s -g option (run as group), if allowed by
the sudoers file. A flaw exists in sudo’s password
checking logic that allows a user to run a command
with only the group changed without being prompted
for a password.