7 matches found

OSV
added 2023/01/30 1:51 p.m. | views: 1

USN-5811-3 sudo vulnerability

USN-5811-1 fixed a vulnerability in Sudo. This update provides the corresponding update for Ubuntu 14.04 ESM. Original advisory details: Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly handled user-specified editors when using the sudoedit command. A local attacker that has...

CVSS 7.8 | AI score 7.2 | EPSS 0.39861
Exploits: 20 | References: 2
RedHat Linux
added 2023/01/23 9:21 a.m. | views: 2

sudo: arbitrary file write with privileges of the RunAs user

A vulnerability was found in sudo. Exposure in how sudoedit handles user-provided environment variables leads to arbitrary file writing with privileges of the RunAs user, usually root. The prerequisite for exploitation is that the current user must be authorized by the sudoers policy to edit a fil...

CVSS 7.8 | AI score 7.3 | EPSS 0.39861
Exploits: 20 | References: 6
OSV
added 2023/01/18 5:44 p.m. | views: 3

USN-5811-1 sudo vulnerabilities

Matthieu Barjole and Victor Cutillas discovered that Sudo incorrectly handled user-specified editors when using the sudoedit command. A local attacker that has permission to use the sudoedit command could possibly use this issue to edit arbitrary files. CVE-2023-22809 It was discovered that the...

CVSS 7.8 | AI score 6.9 | EPSS 0.39861
Exploits: 21 | References: 3
OSV
added 2023/01/18 12:00 a.m. | views: 0

UBUNTU-CVE-2023-22809

In Sudo before 1.9.12p2, the sudoedit aka -e feature mishandles extra arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR, allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected...

CVSS 7.8 | AI score 7.2 | EPSS 0.39861
Exploits: 20 | References: 5
Microsoft CVE
added 2021/01/15 8:00 a.m. | views: 3

selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable.

...

CVSS 7.8 | AI score 7 | EPSS 0.00208
Exploits: 1
Packet Storm
added 2004/09/21 12:00 a.m. | views: 33

sudoedit.txt

Reference: http://www.sudo.ws/sudo/alerts/sudoedit.html Summary: A flaw exists in sudo's -u option aka sudoedit in sudo version 1.6.8 that can give an attacker read permission to a file that would otherwise be unreadable. Sudo versions affected: 1.6.8 only Details: While sudoedit runs the actual...

AI score 7.4
Exploits: 0
securityvulns
added 2004/09/17 12:00 a.m. | views: 32

Sudoedit can expose file contents

Sudoedit can expose file contents Summary: A flaw exists in sudo's -u option aka sudoedit in sudo version 1.6.8 that can give an attacker read permission to a file that would otherwise be unreadable. Sudo versions affected: 1.6.8 only Details: While sudoedit runs the actual editor as the...

AI score 2.2
Exploits: 0