4721 matches found

Vulnrichment
added 2025/05/12 2:52 p.m. · 5 views

CVE-2025-46717 sudo-rs Allows Low Privilege Users to Discover the Existence of Files in Inaccessible Folders

sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with no or very limited sudo privileges can determine whether files exist in folders that they otherwise cannot access using sudo --list. Users with local access to a machine can discover the...

CVSS 3.3 · AI score 3.7 · EPSS 0.0007
Exploits 1 · References 2
Cvelist
added 2025/05/12 2:52 p.m. · 17 views

CVE-2025-46717 sudo-rs Allows Low Privilege Users to Discover the Existence of Files in Inaccessible Folders

sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with no or very limited sudo privileges can determine whether files exist in folders that they otherwise cannot access using sudo --list. Users with local access to a machine can discover the...

CVSS 3.3 · EPSS 0.0007
Exploits 1 · References 2
CVE
added 2025/05/12 2:52 p.m. · 63 views

CVE-2025-46717

CVE-2025-46717 affects sudo-rs (Rust) prior to v0.2.6. The issue lets low-privilege, local users use sudo --list to determine the existence/non-existence of files in directories they cannot access, causing information disclosure. The problem is fixed in v0.2.6; advisories from Fedora (and other sou...

CVSS 3.3 · AI score 6.3 · EPSS 0.0007
Exploits 1 · References 2 · Affected Software 1
Positive Technologies
added 2025/05/12 12:0 a.m. · 1 views

PT-2025-20703 · Sudo-Rs · Sudo-Rs

Name of the Vulnerable Software and Affected Versions: sudo-rs versions prior to 0.2.6
Description: The issue allows users with limited or no sudo privileges to determine the existence of files in folders they cannot access using the sudo --list command. This can reveal sensitive information in...

CVSS 3.3 · AI score 3.6 · EPSS 0.0007
Exploits 1 · References 15
CNNVD
added 2025/05/12 12:0 a.m. · 2 views

sudo-rs Security Vulnerability

sudo-rs is an open source, memory-safe implementation of sudo and su by Trifecta Tech Foundation. A security vulnerability exists in versions of sudo-rs prior to 0.2.6, which stems from the ability of a user to enumerate the permissions of other users, potentially leading to information...

CVSS 3.3 · AI score 4.2 · EPSS 0.00098
Exploits 1 · References 2
CNNVD
added 2025/05/12 12:0 a.m. · 1 views

sudo-rs Security Vulnerability

sudo-rs is an open source, memory-safe implementation of sudo and su by Trifecta Tech Foundation. A security vulnerability exists in sudo-rs versions prior to 0.2.6, which stems from users being able to detect the existence of files in restricted directories, which could lead to information disclosure...

CVSS 3.3 · AI score 4.1 · EPSS 0.0007
Exploits 1 · References 2
Positive Technologies
added 2025/05/12 12:0 a.m. · 2 views

PT-2025-20704 · Sudo-Rs · Sudo-Rs

Name of the Vulnerable Software and Affected Versions: sudo-rs versions prior to 0.2.6
Description: The issue allows users with limited sudo privileges to enumerate the sudoers file, revealing sensitive information about other users' permissions. This can be achieved using the -U flag. Attackers...

CVSS 3.3 · AI score 3.8 · EPSS 0.00098
Exploits 1 · References 16
OpenVAS
added 2025/05/07 12:0 a.m. · 2 views

Disable the Root User from Logging in to the System Using SSH

The PermitRootLogin parameter in the SSH configuration file /etc/ssh/sshd_config specifies whether the root user can log in to the system using SSH. The root user is not allowed to log in to the system using SSH. System administrators must use their own user to log in to the system using SSH and r...

AI score 7.3
Exploits 0 · References 4
OpenVAS
added 2025/05/07 12:0 a.m. · 3 views

Ensure That Common Users Run Privileged Programs Using the sudo Command

The sudo command enables a specified common user to execute certain programs with root permissions. Most system management commands need to be executed by the root user. Properly authorizing other users can reduce the system administrator's workload. However,...

AI score 7.3
Exploits 0 · References 3
OpenVAS
added 2025/05/07 12:0 a.m. · 2 views

Configure Audit Rules for Privilege Escalation Operations

In openEuler, logs of privilege escalation operations using the sudo command are recorded in the /var/log/secure file by default. This file also records other authentication-related security logs. If you want to audit privilege escalation operations using sudo, you are advised to record logs...

AI score 7.5
Exploits 0 · References 2
NVD
added 2025/04/25 9:15 p.m. · 8 views

CVE-2025-32980

NETSCOUT nGeniusONE before 6.4.0 P11 b3245 has a Weak Sudo Configuration...

CVSS 9.8 · EPSS 0.00198
Exploits 0 · References 1
Vulnrichment
added 2025/04/25 12:0 a.m. · 3 views

CVE-2025-32980

NETSCOUT nGeniusONE before 6.4.0 P11 b3245 has a Weak Sudo Configuration...

AI score 6.4 · EPSS 0.00198
Exploits 0 · References 1
Positive Technologies
added 2025/04/25 12:0 a.m. · 2 views

PT-2025-17938 · Unknown · Ngeniusone

Name of the Vulnerable Software and Affected Versions: nGeniusONE versions prior to 6.4.0 b2350
Description: The issue is related to a weak sudo configuration.
Recommendations: For versions prior to 6.4.0 b2350, update to version 6.4.0 b2350 or later to resolve the issue...

CVSS 9.8 · AI score 6.3 · EPSS 0.00198
Exploits 0 · References 6
CVE
added 2025/04/25 12:0 a.m. · 55 views

CVE-2025-32980

NETSCOUT nGeniusONE is affected by CVE-2025-32980 due to a weak sudo configuration in versions prior to 6.4.0 P11 b3245. The root cause is described as an improper sudo setup, enabling elevated privileges under certain conditions. Remediation per PT-2025-17938 indicates upgrading to version 6.4.0...

CVSS 9.8 · AI score 6.4 · EPSS 0.00198
Exploits 0 · References 1
Cvelist
added 2025/04/25 12:0 a.m. · 10 views

CVE-2025-32980

NETSCOUT nGeniusONE before 6.4.0 P11 b3245 has a Weak Sudo Configuration...

EPSS 0.00198
Exploits 0 · References 1
RedhatCVE
added 2025/04/22 3:30 a.m. · 3 views

CVE-2025-32955

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Versions from 0.12.0 to before 2.12.0 are vulnerable to disable-sudo bypass. Harden-Runner includes a policy option disable-sudo to prevent the GitHub Actions runner user from using sudo. This is implemente...

CVSS 6 · AI score 6.1 · EPSS 0.00016
Exploits 0 · References 6
OSV
added 2025/04/22 1:7 a.m. · 11 views

GHSA-MXR3-8WHJ-J74R Harden-Runner allows evasion of 'disable-sudo' policy

Summary: Harden-Runner includes a policy option disable-sudo to prevent the GitHub Actions runner user from using sudo. This is implemented by removing the runner user from the sudoers file. However, this control can be bypassed as the runner user, being part of the docker group, can interact with...

CVSS 6 · AI score 7.6 · EPSS 0.00016
Exploits 0 · References 5
Github Security Blog
added 2025/04/22 1:7 a.m. · 27 views

Harden-Runner allows evasion of 'disable-sudo' policy

Summary: Harden-Runner includes a policy option disable-sudo to prevent the GitHub Actions runner user from using sudo. This is implemented by removing the runner user from the sudoers file. However, this control can be bypassed as the runner user, being part of the docker group, can interact with...

CVSS 6 · AI score 7.6 · EPSS 0.00016
Exploits 0 · References 5 · Affected Software 1
NVD
added 2025/04/21 9:15 p.m. · 6 views

CVE-2025-32955

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Versions from 0.12.0 to before 2.12.0 are vulnerable to disable-sudo bypass. Harden-Runner includes a policy option disable-sudo to prevent the GitHub Actions runner user from using sudo. This is implemente...

CVSS 6 · EPSS 0.00016
Exploits 0 · References 3
Vulnrichment
added 2025/04/21 8:45 p.m. · 10 views

CVE-2025-32955 Harden-Runner Evasion of 'disable-sudo' policy

Harden-Runner is a CI/CD security agent that works like an EDR for GitHub Actions runners. Versions from 0.12.0 to before 2.12.0 are vulnerable to disable-sudo bypass. Harden-Runner includes a policy option disable-sudo to prevent the GitHub Actions runner user from using sudo. This is implemente...

CVSS 6 · AI score 7.1 · EPSS 0.00016
Exploits 0 · References 3