7820 matches found
ALPINE-CVE-2023-22809
In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDO_EDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected...
Design/Logic Flaw
In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDO_EDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected...
Sudo security vulnerability
Sudo is a program used on Unix-like systems that allows users to execute commands with special privileges in a secure manner. A security vulnerability in Sudo before 1.9.12p2 stems from the sudoedit a.k.a. -e function mishandling additional arguments passed in user-supplied environment variables...
CVE-2023-22809
In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDO_EDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected...
CVE-2023-22809
CVE-2023-22809 affects sudo prior to 1.9.12p2, where the sudoedit (-e) feature mishandles extra arguments passed via environment variables SUDO_EDITOR, VISUAL, and EDITOR. This allows a local attacker to append arbitrary entries to the list of files to process, enabling privilege escalation. The ...
UBUNTU-CVE-2023-22809
In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDO_EDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected...
PT-2023-1077 · Sudo +11 · Sudo +11
Name of the Vulnerable Software and Affected Versions: Sudo versions 1.8.0 through 1.9.12p1 Description: The issue is related to the sudoedit feature in Sudo, which mishandles extra arguments passed in user-provided environment variables, such as SUDO_EDITOR, VISUAL, and EDITOR. This allows a loc...
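The entries above all describe the same CVE-2023-22809 condition: a sudo build in the 1.8.0 through 1.9.12p1 range, combined with an editor variable (SUDO_EDITOR, VISUAL or EDITOR) that carries extra arguments. The POSIX sh snippet below is an added triage helper, not code from the sudo project or from any of the advisories listed here. It takes the version string as a parameter so it runs offline; on a real host you would feed it the first line of `sudo -V`. The numeric version key, the helper names and the constructed sample values are all assumptions of this example.

```shell
#!/bin/sh
# Added example for CVE-2023-22809 triage (not sudo project code).
# Affected range per the advisory text above: 1.8.0 through 1.9.12p1; fixed in 1.9.12p2.

# version_key: turn "Sudo version 1.9.12p1" (or bare "1.9.12p1") into one
# comparable integer: major*1e9 + minor*1e6 + patch*1e3 + plevel.
# The "pN" suffix is sudo's patch level; a version without it has plevel 0.
version_key() {
    v=${1#Sudo version }          # drop the "sudo -V" prefix if present
    base=${v%%p*}                 # "1.9.12p1" -> "1.9.12"
    plevel=0
    case $v in *p*) plevel=${v##*p} ;; esac   # "1.9.12p1" -> 1
    oldifs=$IFS; IFS=.; set -- $base; IFS=$oldifs
    maj=${1:-0}; min=${2:-0}; pat=${3:-0}
    echo $(( maj * 1000000000 + min * 1000000 + pat * 1000 + plevel ))
}

# sudo_affected_by_cve_2023_22809: exit 0 when the version lies inside
# [1.8.0, 1.9.12p2), i.e. 1.8.0 <= version <= 1.9.12p1.
sudo_affected_by_cve_2023_22809() {
    key=$(version_key "$1")
    [ "$key" -ge 1008000000 ] && [ "$key" -lt 1009012002 ]
}

# editor_vars_with_args: print the names of the three editor variables whose
# value contains whitespace, i.e. an editor invoked with extra arguments.
# That is exactly the shape of value the advisories say pre-1.9.12p2 sudoedit
# mishandles; on a patched host it is merely a review item.
editor_vars_with_args() {
    out=""
    for name in SUDO_EDITOR VISUAL EDITOR; do
        eval "val=\${$name:-}"
        case $val in *[[:space:]]*) out="$out $name" ;; esac
    done
    printf '%s\n' "${out# }"
}

# Stand-alone usage against the live host (constructed sample value for the
# editor check so the run is deterministic):
if [ "${1:-}" = "--live" ]; then
    ver=$(sudo -V 2>/dev/null | head -n 1)
    if sudo_affected_by_cve_2023_22809 "$ver"; then
        echo "AFFECTED: $ver"
    else
        echo "not in affected range: $ver"
    fi
    echo "editor vars carrying arguments: $(editor_vars_with_args)"
fi
```

Run with `sh check.sh --live` on a host; a version inside the range is the finding, and any editor variable reported by the second check is the condition a local user would need on that host. Upgrading to 1.9.12p2 or a distribution backport is the fix; the upstream sudo advisory also documents a sudoers-side mitigation for hosts that cannot be upgraded, which strips those three variables for sudoedit:

Defaults!SUDOEDIT env_delete+="SUDO_EDITOR VISUAL EDITOR"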
Malware Attack on CircleCI Engineer's Laptop Leads to Recent Security Incident
DevOps platform CircleCI on Friday disclosed that unidentified threat actors compromised an employee's laptop and leveraged malware to steal their two-factor authentication-backed credentials to breach the company's systems and data last month. The CI/CD service CircleCI said the "sophisticated...
Information Disclosure
github.com/hashicorp/nomad is vulnerable to information disclosure. The vulnerability exists because the consul-template in templateRunner of template.go always falls back to host process environment variables when the key isn't a task env var, allowing an attacker to gain sensitive...
EulerOS 2.0 SP9 : golang (EulerOS-SA-2023-1100)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amoun...
EulerOS 2.0 SP9 : golang (EulerOS-SA-2023-1124)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amoun...
Siren Investigate security vulnerability
Siren Investigate is a front-end for the Siren platform from Siren Ireland, allowing the creation of dashboards, charts, link analysis, alerts and more. A security vulnerability exists in Siren Investigate versions prior to 12.1.7 that stems from insufficient whitelisting sandboxing of script...
EulerOS 2.0 SP11 : golang (EulerOS-SA-2023-1010)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amoun...
EulerOS 2.0 SP11 : golang (EulerOS-SA-2023-1035)
According to the versions of the golang packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - Reader.Read does not set a limit on the maximum size of file headers. A maliciously crafted archive could cause Read to allocate unbounded amoun...
CVE-2022-3460
In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview...
CVE-2022-3460
In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview...
Code injection
In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview...
CVE-2022-3460
In affected versions of Octopus Deploy it is possible for certain types of sensitive variables to inadvertently become unmasked when viewed in variable preview...
PT-2023-13416 · Unknown · Octopus Deploy
Name of the Vulnerable Software and Affected Versions: Octopus Deploy affected versions not specified Description: The issue allows certain types of sensitive variables to become unmasked when viewed in variable preview. Recommendations: At the moment, there is no information about a newer versio...
CVE-2022-3460
CVE-2022-3460 affects Octopus Deploy; certain types of sensitive variables may be unmasked when viewed in the variable preview. The CVSS 3.1 metrics indicate a HIGH impact (7.5) with Network attack vector, Low attack complexity, and no privileges or user interaction required, but confidentiality ...