Lucene search
K

71 matches found

RedhatCVE
RedhatCVE
added 2025/05/14 2:56 a.m.17 views

CVE-2025-46717

A flaw was found in sudo-rs. This vulnerability allows discovery of file existence via the --list command, which can reveal sensitive information...

3.3CVSS6.9AI score0.00307EPSS
Exploits1References5
OSV
OSV
added 2025/05/13 8:5 p.m.3 views

GHSA-W9Q3-G4P5-5Q2R sudo-rs Allows Low Privilege Users to Enumerate Privileges of Others

Summary Users with limited sudo privileges e.g. execution of a single command can list sudo privileges of other users using the -U flag. This doesn't happen with the original sudo. PoC The initial test has been done in a container running Ubuntu 24.04 and installing oxidizr, running sudo-rs 0.2.2...

3.3CVSS6.9AI score0.00222EPSS
Exploits1References4
NVD
NVD
added 2025/05/12 3:16 p.m.17 views

CVE-2025-46717

sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with no or very limited sudo privileges can determine whether files exists in folders that they otherwise cannot access using sudo --list . Users with local access to a machine can discover the...

3.3CVSS0.00307EPSS
Exploits1References2
OSV
OSV
added 2025/05/12 3:16 p.m.3 views

UBUNTU-CVE-2025-46718

sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges e.g. execution of a single command can list sudo privileges of other users using the -U flag. This vulnerability allows users with limited sudo privileges to enumerat...

3.3CVSS6AI score0.00222EPSS
Exploits1References3
OSV
OSV
added 2025/05/12 2:54 p.m.8 views

CVE-2025-46718 sudo-rs Allows Low Privilege Users to Enumerate Privileges of Others

sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges e.g. execution of a single command can list sudo privileges of other users using the -U flag. This vulnerability allows users with limited sudo privileges to enumerat...

3.3CVSS4.6AI score0.00222EPSS
Exploits1References4
CVE
CVE
added 2025/05/12 2:54 p.m.70 views

CVE-2025-46718

Summary: CVE-2025-46718 affects the Rust implementation of sudo-rs prior to 0.2.6. A limited sudo privilege (e.g., allowing a single command) can be exploited to enumerate the sudoers file using the -U flag, exposing sensitive information about other users’ permissions. This is a local attack wit...

3.3CVSS6.8AI score0.00222EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/05/12 2:52 p.m.20 views

CVE-2025-46717 sudo-rs Allows Low Privilege Users to Discover the Existence of Files in Inaccessible Folders

sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with no or very limited sudo privileges can determine whether files exists in folders that they otherwise cannot access using sudo --list . Users with local access to a machine can discover the...

3.3CVSS0.00307EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2025/05/12 2:52 p.m.6 views

CVE-2025-46717 sudo-rs Allows Low Privilege Users to Discover the Existence of Files in Inaccessible Folders

sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with no or very limited sudo privileges can determine whether files exists in folders that they otherwise cannot access using sudo --list . Users with local access to a machine can discover the...

3.3CVSS3.7AI score0.00307EPSS
Exploits1References2
CVE
CVE
added 2025/05/12 2:52 p.m.69 views

CVE-2025-46717

CVE-2025-46717 affects sudo-rs (Rust) prior to v0.2.6. The issue lets low-privilege, local users determine the existence/non-existence of files in directories they cannot access via sudo --list , causing information disclosure. The problem is fixed in v0.2.6; advisories from Fedora (and other sou...

3.3CVSS6.3AI score0.00307EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/05/12 12:0 a.m.2 views

PT-2025-20703 · Sudo-Rs · Sudo-Rs

Name of the Vulnerable Software and Affected Versions: sudo-rs versions prior to 0.2.6 Description: The issue allows users with limited or no sudo privileges to determine the existence of files in folders they cannot access using the sudo --list command. This can reveal sensitive information in...

3.3CVSS3.6AI score0.00307EPSS
Exploits1References15
Positive Technologies
Positive Technologies
added 2025/05/12 12:0 a.m.4 views

PT-2025-20704 · Sudo-Rs · Sudo-Rs

Name of the Vulnerable Software and Affected Versions: sudo-rs versions prior to 0.2.6 Description: The issue allows users with limited sudo privileges to enumerate the sudoers file, revealing sensitive information about other users' permissions. This can be achieved using the -U flag. Attackers...

3.3CVSS3.8AI score0.00222EPSS
Exploits1References16
CNNVD
CNNVD
added 2025/05/12 12:0 a.m.4 views

sudo-rs 安全漏洞

sudo-rs is an open source memory security implementation of sudo and su by Trifecta Tech Foundation. A security vulnerability exists in versions of sudo-rs prior to 0.2.6, which stems from the ability of a user to enumerate the permissions of other users, potentially leading to information...

3.3CVSS4.2AI score0.00222EPSS
Exploits1References2
CNNVD
CNNVD
added 2025/05/12 12:0 a.m.3 views

sudo-rs 安全漏洞

sudo-rs is an open source memory security implementation of sudo and su by Trifecta Tech Foundation. A security vulnerability exists in sudo-rs versions prior to 0.2.6, which stems from a user-detectable restricted directory file existence that could lead to information disclosure...

3.3CVSS4.1AI score0.00307EPSS
Exploits1References2
OpenVAS
OpenVAS
added 2024/06/07 12:0 a.m.10 views

Fedora: Security Advisory for sudo-rs (FEDORA-2024-40ee18b2e7)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Fedora
Fedora
added 2024/06/02 3:39 a.m.12 views

[SECURITY] Fedora 39 Update: sudo-rs-0.2.2-3.fc39

A memory safe implementation of sudo and su...

7.3AI score
Exploits0
OpenVAS
OpenVAS
added 2024/05/27 12:0 a.m.6 views

Fedora: Security Advisory for sudo-rs (FEDORA-2024-ce2936b568)

The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5AI score
Exploits0References2
Redos
Redos
added 2024/03/28 12:0 a.m.41 views

ROS-20240328-04

Vulnerability of Sudo-rs system administration programs is related to insufficient verification of command arguments entered by the user. of command arguments entered by the user. Exploitation of the vulnerability could allow an attacker acting remotely, escalate their privileges by creating a...

8.1CVSS7.1AI score0.00571EPSS
Exploits1
SUSE CVE
SUSE CVE
added 2023/12/06 2:4 a.m.4 views

SUSE CVE-2023-42456

Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...

3.1CVSS7.4AI score0.00571EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2023/11/10 12:0 a.m.6 views

The vulnerability of the system administration programs Sudo-rs lies in insufficient validation of command arguments entered by users. This allows attackers to escalate their privileges by creating a specially crafted user name.

The vulnerability of the system administration programs Sudo-rs is related to insufficient checking of command arguments entered by users. Exploiting this vulnerability allows a malicious actor to enhance their privileges by creating a specially crafted user name...

9CVSS7.4AI score0.00571EPSS
Exploits0References6Affected Software2
OSV
OSV
added 2023/09/21 5:7 p.m.24 views

GHSA-2R3C-M6V7-9354 sudo-rs Session File Relative Path Traversal vulnerability

Background Sudo-rs allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to re-authenticate themselves. Supporting...

3.3CVSS7.7AI score0.00571EPSS
Exploits0References9
Rows per page
Query Builder