Fedora 41 : sudo-rs (2025-6a67917349)
The remote Fedora 41 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-6a67917349 advisory. Update to version 0.2.6. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not...
Security Bulletin: Vulnerability in Sudo affects IBM Integrated Analytics System (Sailfish) [CVE-2023-22809, CVE-2023-28486, CVE-2023-28487, CVE-2023-42465].
Summary: The Sudo package is used by IBM Integrated Analytics System. IBM Integrated Analytics System has addressed the applicable CVEs: CVE-2023-22809, CVE-2023-28486, CVE-2023-28487, CVE-2023-42465. Vulnerability Details: CVEID: CVE-2023-22809 DESCRIPTION: In Sudo before 1.9.12p2, the sudoedit aka -...
CVE-2025-46718
A flaw was found in sudo-rs. This vulnerability allows users with limited sudo privileges to enumerate the sudoers file, revealing sensitive information about other users' permissions via the -U flag. Mitigation: Mitigation for this issue is either not available or the currently available options ...
CVE-2025-46717
A flaw was found in sudo-rs. This vulnerability allows discovery of file existence via the --list command, which can reveal sensitive information...
Alibaba Cloud Linux 3 : 0113: sudo (ALINUX3-SA-2022:0113)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2022:0113 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2019-14287: In Sudo before 1.8.28, an...
Alibaba Cloud Linux 3 : 0034: sudo (ALINUX3-SA-2024:0034)
The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2024:0034 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-28486: Sudo before 1.9.13 does no...
GHSA-W9Q3-G4P5-5Q2R sudo-rs Allows Low Privilege Users to Enumerate Privileges of Others
Summary: Users with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the -U flag. This doesn't happen with the original sudo. PoC: The initial test has been done in a container running Ubuntu 24.04 and installing oxidizr, running sudo-rs 0.2.2...
sudo-rs Allows Low Privilege Users to Enumerate Privileges of Others
Summary: Users with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the -U flag. This doesn't happen with the original sudo. PoC: The initial test has been done in a container running Ubuntu 24.04 and installing oxidizr, running sudo-rs 0.2.2...
sudo-rs Allows Low Privilege Users to Discover the Existence of Files in Inaccessible Folders
Summary: Users with no or very limited sudo privileges can determine whether files exist in folders that they otherwise cannot access using sudo --list. PoC: As root: mkdir /tmp/foo; chmod a-rwx /tmp/foo; touch /tmp/foo/secretfile. As a user without any or limited sudo rights: $ sudo --list...
GHSA-98CV-WQJX-WX8F sudo-rs Allows Low Privilege Users to Discover the Existence of Files in Inaccessible Folders
Summary: Users with no or very limited sudo privileges can determine whether files exist in folders that they otherwise cannot access using sudo --list. PoC: As root: mkdir /tmp/foo; chmod a-rwx /tmp/foo; touch /tmp/foo/secretfile. As a user without any or limited sudo rights: $ sudo --list...
CVE-2025-46717
sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with no or very limited sudo privileges can determine whether files exist in folders that they otherwise cannot access using sudo --list. Users with local access to a machine can discover the...
DEBIAN-CVE-2025-46718
sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the -U flag. This vulnerability allows users with limited sudo privileges to enumerat...
CVE-2025-46718
sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the -U flag. This vulnerability allows users with limited sudo privileges to enumerat...
DEBIAN-CVE-2025-46717
sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with no or very limited sudo privileges can determine whether files exist in folders that they otherwise cannot access using sudo --list. Users with local access to a machine can discover the...
UBUNTU-CVE-2025-46718
sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the -U flag. This vulnerability allows users with limited sudo privileges to enumerat...
UBUNTU-CVE-2025-46717
sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with no or very limited sudo privileges can determine whether files exist in folders that they otherwise cannot access using sudo --list. Users with local access to a machine can discover the...
CVE-2025-46718
Summary: CVE-2025-46718 affects the Rust implementation of sudo-rs prior to 0.2.6. A limited sudo privilege (e.g., allowing a single command) can be exploited to enumerate the sudoers file using the -U flag, exposing sensitive information about other users’ permissions. This is a local attack wit...
CVE-2025-46718 sudo-rs Allows Low Privilege Users to Enumerate Privileges of Others
sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the -U flag. This vulnerability allows users with limited sudo privileges to enumerat...