13 matches found
GHSA-Q428-6V73-FC4Q sudo-rs doesn't record authenticating user properly in timestamp
Summary: When Defaults targetpw or Defaults rootpw is enabled, the password of the target account or root account, instead of the invoking user's, is used for authentication. sudo-rs prior to 0.2.10 incorrectly recorded the invoking user's UID instead of the authenticated-as user's UID in the...
sudo-rs Authorization Issue Vulnerability
sudo-rs is an open source memory-safe implementation of sudo and su by Trifecta Tech Foundation. An authorization issue vulnerability exists in sudo-rs versions 0.2.5 through versions prior to 0.2.10, which stems from improperly logged authentication timestamps and could lead to bypassing...
CVE-2023-42456
Sudo-rs, a memory safe implementation of sudo and su, does not require users to authenticate at every sudo attempt, but instead only requires authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...
CVE-2025-46717
A flaw was found in sudo-rs. This vulnerability allows discovery of file existence via the --list command, which can reveal sensitive information...
GHSA-W9Q3-G4P5-5Q2R sudo-rs Allows Low Privilege Users to Enumerate Privileges of Others
Summary: Users with limited sudo privileges, e.g. execution of a single command, can list sudo privileges of other users using the -U flag. This doesn't happen with the original sudo. PoC: The initial test has been done in a container running Ubuntu 24.04 and installing oxidizr, running sudo-rs 0.2.2...
CVE-2025-46717
sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with no or very limited sudo privileges can determine whether files exist in folders that they otherwise cannot access using sudo --list. Users with local access to a machine can discover the...
UBUNTU-CVE-2025-46718
sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges, e.g. execution of a single command, can list sudo privileges of other users using the -U flag. This vulnerability allows users with limited sudo privileges to enumerat...
CVE-2025-46718 sudo-rs Allows Low Privilege Users to Enumerate Privileges of Others
sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges, e.g. execution of a single command, can list sudo privileges of other users using the -U flag. This vulnerability allows users with limited sudo privileges to enumerat...
CVE-2025-46717
CVE-2025-46717 affects sudo-rs (Rust) prior to v0.2.6. The issue lets low-privilege, local users determine the existence/non-existence of files in directories they cannot access via sudo --list, causing information disclosure. The problem is fixed in v0.2.6; advisories from Fedora (and other sou...
CVE-2025-46717 sudo-rs Allows Low Privilege Users to Discover the Existence of Files in Inaccessible Folders
sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with no or very limited sudo privileges can determine whether files exist in folders that they otherwise cannot access using sudo --list. Users with local access to a machine can discover the...
sudo-rs Security Vulnerability
sudo-rs is an open source memory-safe implementation of sudo and su by Trifecta Tech Foundation. A security vulnerability exists in versions of sudo-rs prior to 0.2.6, which stems from the ability of a user to enumerate the permissions of other users, potentially leading to information...
Sudo Path Traversal Vulnerability
Sudo is a program used on Unix-like systems that allows users to execute commands with special privileges in a secure manner. A security vulnerability exists in Sudo-rs versions prior to 0.2.1, which stems from the fact that a username containing the . and / characters could cause specific files ...
PT-2023-6760 · Sudo-Rs +2
Name of the Vulnerable Software and Affected Versions: sudo-rs versions prior to 0.2.1. Description: The issue is related to the handling of usernames in sudo-rs, a memory-safe implementation of sudo and su. Usernames containing the . and / characters can result in the corruption of specific files...