5 matches found
SUSE CVE-2023-22809
In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected...
CLSA-2023-1675984682 sudo: Fix of CVE-2023-22809
CVE-2023-22809: do not permit editor arguments to include "--"...
CLSA-2023-1675984342 sudo: Fix of CVE-2023-22809
CVE-2023-22809: do not permit editor arguments to include "--"...
AZL-13030 CVE-2023-22809 affecting package sudo for versions less than 1.9.12p2-1
In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected...
CVE-2023-22809
In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected...