Lucene search

K
osvGoogleOSV:CVE-2021-23240
HistoryJan 12, 2021 - 9:15 a.m.

CVE-2021-23240

2021-01-1209:15:14
Google
osv.dev
17
sudo
vulnerability
local user
file ownership
privilege escalation
selinux
rbac support
permissive mode
software security

AI Score

6.9

Confidence

High

EPSS

0.001

Percentile

40.7%

selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable.