Lucene search

K

GoogleOSV:CVE-2021-23240

HistoryJan 12, 2021 - 9:15 a.m.

CVE-2021-23240

2021-01-1209:15:14

Google

osv.dev

5

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

39.8%

selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable.

CPENameOperatorVersion
sudoeq1.7.2_p2-r1
sudoeq1.8.4_p1-r1
sudoeq1.8.29-r1
sudoeq1.8.4_p2-r1
sudoeq1.9.3_p1-r1
sudoeq1.7.1-r1
sudoeq1.8.3_p1-r1
sudoeq1.8.8-r1
sudoeq1.9.3-r1
sudoeq1.8.6-r1

Rows per page:

1-10 of 771

References

bugzilla.suse.com/show_bug.cgi?id=CVE-2021-23240

lists.apache.org/thread.html/r58af02e294bd07f487e2c64ffc0a29b837db5600e33b6e698b9d696b%40%3Cissues.bookkeeper.apache.org%3E

lists.apache.org/thread.html/rf4c02775860db415b4955778a131c2795223f61cb8c6a450893651e4%40%3Cissues.bookkeeper.apache.org%3E

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/EE42Y35SMJOLONAIBNYNFC7J44UUZ2Y6/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GMY4VSSBIND7VAYSN6T7XIWJRWG4GBB3/

security.gentoo.org/glsa/202101-33

security.netapp.com/advisory/ntap-20210129-0010/

www.sudo.ws/stable.html#1.9.5

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

4.4 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

39.8%

Related for OSV:CVE-2021-23240

nessus30 ubuntucve1 alpinelinux1 debiancve1 cbl_mariner1 prion1 cve1 redhatcve1 veracode1 cloudlinux1 mageia1 openvas21 osv1 slackware1 oraclelinux1 rosalinux1 fedora2 almalinux1 redhat4 rocky1 suse2 photon6 gentoo1 ibm1