PT-2022-13263 · Unknown +2 · Util-Linux +2

Name of the Vulnerable Software and Affected Versions: util-linux versions prior to 2.37.4 Description: A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an INPUTRC environment variable to get a path to the library config fil...

sudo: Possible info leak via INPUTRC

It was discovered that the default sudo configuration preserved the value of INPUTRC from the user's environment, which could lead to information disclosure. A local user with sudo access to a restricted program that uses readline could use this flaw to read content from specially formatted files...