71 matches found
CVE-2025-46717
A flaw was found in sudo-rs. This vulnerability allows discovery of file existence via the --list command, which can reveal sensitive information...
GHSA-W9Q3-G4P5-5Q2R sudo-rs Allows Low Privilege Users to Enumerate Privileges of Others
Summary Users with limited sudo privileges e.g. execution of a single command can list sudo privileges of other users using the -U flag. This doesn't happen with the original sudo. PoC The initial test has been done in a container running Ubuntu 24.04 and installing oxidizr, running sudo-rs 0.2.2...
CVE-2025-46717
sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with no or very limited sudo privileges can determine whether files exists in folders that they otherwise cannot access using sudo --list . Users with local access to a machine can discover the...
UBUNTU-CVE-2025-46718
sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges e.g. execution of a single command can list sudo privileges of other users using the -U flag. This vulnerability allows users with limited sudo privileges to enumerat...
CVE-2025-46718 sudo-rs Allows Low Privilege Users to Enumerate Privileges of Others
sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges e.g. execution of a single command can list sudo privileges of other users using the -U flag. This vulnerability allows users with limited sudo privileges to enumerat...
CVE-2025-46718
Summary: CVE-2025-46718 affects the Rust implementation of sudo-rs prior to 0.2.6. A limited sudo privilege (e.g., allowing a single command) can be exploited to enumerate the sudoers file using the -U flag, exposing sensitive information about other users’ permissions. This is a local attack wit...
CVE-2025-46717 sudo-rs Allows Low Privilege Users to Discover the Existence of Files in Inaccessible Folders
sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with no or very limited sudo privileges can determine whether files exists in folders that they otherwise cannot access using sudo --list . Users with local access to a machine can discover the...
CVE-2025-46717 sudo-rs Allows Low Privilege Users to Discover the Existence of Files in Inaccessible Folders
sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with no or very limited sudo privileges can determine whether files exists in folders that they otherwise cannot access using sudo --list . Users with local access to a machine can discover the...
CVE-2025-46717
CVE-2025-46717 affects sudo-rs (Rust) prior to v0.2.6. The issue lets low-privilege, local users determine the existence/non-existence of files in directories they cannot access via sudo --list , causing information disclosure. The problem is fixed in v0.2.6; advisories from Fedora (and other sou...
PT-2025-20703 · Sudo-Rs · Sudo-Rs
Name of the Vulnerable Software and Affected Versions: sudo-rs versions prior to 0.2.6 Description: The issue allows users with limited or no sudo privileges to determine the existence of files in folders they cannot access using the sudo --list command. This can reveal sensitive information in...
PT-2025-20704 · Sudo-Rs · Sudo-Rs
Name of the Vulnerable Software and Affected Versions: sudo-rs versions prior to 0.2.6 Description: The issue allows users with limited sudo privileges to enumerate the sudoers file, revealing sensitive information about other users' permissions. This can be achieved using the -U flag. Attackers...
sudo-rs 安全漏洞
sudo-rs is an open source memory security implementation of sudo and su by Trifecta Tech Foundation. A security vulnerability exists in versions of sudo-rs prior to 0.2.6, which stems from the ability of a user to enumerate the permissions of other users, potentially leading to information...
sudo-rs 安全漏洞
sudo-rs is an open source memory security implementation of sudo and su by Trifecta Tech Foundation. A security vulnerability exists in sudo-rs versions prior to 0.2.6, which stems from a user-detectable restricted directory file existence that could lead to information disclosure...
Fedora: Security Advisory for sudo-rs (FEDORA-2024-40ee18b2e7)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 39 Update: sudo-rs-0.2.2-3.fc39
A memory safe implementation of sudo and su...
Fedora: Security Advisory for sudo-rs (FEDORA-2024-ce2936b568)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
ROS-20240328-04
Vulnerability of Sudo-rs system administration programs is related to insufficient verification of command arguments entered by the user. of command arguments entered by the user. Exploitation of the vulnerability could allow an attacker acting remotely, escalate their privileges by creating a...
SUSE CVE-2023-42456
Sudo-rs, a memory safe implementation of sudo and su, allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to...
The vulnerability of the system administration programs Sudo-rs lies in insufficient validation of command arguments entered by users. This allows attackers to escalate their privileges by creating a specially crafted user name.
The vulnerability of the system administration programs Sudo-rs is related to insufficient checking of command arguments entered by users. Exploiting this vulnerability allows a malicious actor to enhance their privileges by creating a specially crafted user name...
GHSA-2R3C-M6V7-9354 sudo-rs Session File Relative Path Traversal vulnerability
Background Sudo-rs allows users to not have to enter authentication at every sudo attempt, but instead only requiring authentication every once in a while in every terminal or process group. Only once a configurable timeout has passed will the user have to re-authenticate themselves. Supporting...