7.2 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
0.001 Low
EPSS
Percentile
25.9%
sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a
symlink attack on a file whose full path is defined using multiple
wildcards in /etc/sudoers, as demonstrated by “/home///file.txt.”
Author | Note |
---|---|
mdeslaur | Backporting the fix for this issue is risky, may introduce regressions, and will change behaviour for existing users, possibly preventing them from using their existing configuration. For this reason, we will not be fixing this issue in stable releases. |