142 matches found
MiracleLinux 7 : sudo-1.8.23-10.el7.3 (AXSA:2023-4846:02)
The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2023-4846:02 advisory. sudo: arbitrary file write with privileges of the RunAs user CVE-2023-22809 Tenable has extracted the preceding description block directly from the...
MiracleLinux 9 : sudo-1.9.5p2-7.el9.1 (AXSA:2023-4872:03)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-4872:03 advisory. sudo: arbitrary file write with privileges of the RunAs user CVE-2023-22809 Tenable has extracted the preceding description block directly from the...
Exploit for Improper Privilege Management in Sudo_Project Sudo
CVE-2023-22809-automated-python-exploits automatically exploit...
TencentOS Server 2: sudo (TSSA-2023:0133)
The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0133 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...
TencentOS Server 3: sudo (TSSA-2023:0015)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0015 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...
Security Bulletin: Vulnerability in SUDO affects IBM Integrated Analytics System (Sailfish)[CVE-2023-22809, CVE-2023-28486, CVE-2023-28487, CVE-2023-42465]
Summary The SUDO package is used by IBM Integrated Analytics System . IBM Integrated Analytics System has addressed the applicable CVECVE-2023-22809, CVE-2023-28486, CVE-2023-28487, CVE-2023-42465 Vulnerability Details CVEID:CVE-2023-22809 DESCRIPTION: In Sudo before 1.9.12p2, the sudoedit aka -e...
ABB M2M Gateway Improper Privilege Management in embedded Sudo (CVE-2023-22809)
In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected...
Security Bulletin: Vulnerability in Sudo affects IBM Integrated Analytics System (Sailfish)[CVE-2023-22809, CVE-2023-28486, CVE-2023-28487, CVE-2023-42465].
Summary The Sudo package is used by IBM Integrated Analytics System . IBM Integrated Analytics System has addressed the applicable CVECVE-2023-22809, CVE-2023-28486, CVE-2023-28487, CVE-2023-42465. Vulnerability Details CVEID:CVE-2023-22809 DESCRIPTION: In Sudo before 1.9.12p2, the sudoedit aka -...
Alibaba Cloud Linux 3 : 0010: sudo (ALINUX3-SA-2023:0010)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0010 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-22809: In Sudo before 1.9.12p2, the sudoed...
Exploit for Improper Privilege Management in Sudo_Project Sudo
CVE-2023-22809 Exploiter Scripts Disclaimer This script is pr...
Advisory ROSA-SA-2024-2396
Software: sudo 1.8.29 OS: ROSA Virtualization 2.1 packageevrstring: sudo-1.8.29-8.rv3.1 CVE-ID: CVE-2023-22809 BDU-ID: 2023-00210 CVE-Crit: MEDIUM. CVE-DESC.: A vulnerability in the sudoedit function of the Sudo system administration program is related to errors in the handling of additional...
CentOS 9 : sudo-1.9.5p2-9.el9
The remote CentOS Linux 9 host has packages installed that are affected by a vulnerability as referenced in the sudo-1.9.5p2-9.el9 build changelog. - arbitrary file write with privileges of the RunAs user CVE-2023-22809 Note that Nessus has not tested for this issue but has instead relied only on...
CentOS 8 : sudo (CESA-2023:0284)
The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the CESA-2023:0284 advisory. - In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user- provided environment variables SUDOEDITOR, VISUAL, and...
Rocky Linux 9 : sudo (RLSA-2023:0282)
The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:0282 advisory. - In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user- provided environment variables SUDOEDITOR, VISUAL, and...
Rocky Linux 8 : sudo (RLSA-2023:0284)
The remote Rocky Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2023:0284 advisory. - In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user- provided environment variables SUDOEDITOR, VISUAL, and...
Security Bulletin: IBM Security Guardium is affected by a multiple vulnerabilities (CVE-2023-22809, CVE-2019-12490, CVE-2023-0041)
Summary IBM Security Guardium has addressed these vulnerabilities. Vulnerability Details CVEID:CVE-2023-0041 DESCRIPTION: IBM Security Guardium could allow a user to take over another user's session due to insufficient session expiration. CVSS Base score: 6.3 CVSS Temporal Score: See:...
BELL-CVE-2023-22809 CVE-2023-22809 does not affect BellSoft software
Bulletin has no description...
Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification Vulnerability
Cisco ThousandEyes Enterprise Agent Virtual Appliance version thousandeyes-va-64-18.04 0.218 suffers from an unpatched vulnerability in sudoedit, allowed by sudo configuration, which permits a low-privilege user to modify arbitrary files as root and subsequently execute arbitrary commands as root...
Cisco ThousandEyes Enterprise Agent Virtual Appliance Arbitrary File Modification via sudoedit
Vulnerability Details Affected Vendor: ThousandEyes Affected Product: ThousandEyes Enterprise Agent Virtual Appliance Affected Version: thousandeyes-va-64-18.04 0.218 Platform: Linux / Ubuntu 18.04 CWE Classification: CWE-1395: Dependency on Vulnerable Third-Party Component CVE ID:...
Exploit for Improper Privilege Management in Sudo_Project Sudo
CVE-2023-22809 CVE-2023-22809 is a critical vulnerability...