CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:L/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
26.0%
sudoedit in Sudo before 1.8.15 allows local users to gain privileges via a
symlink attack on a file whose full path is defined using multiple
wildcards in /etc/sudoers, as demonstrated by “/home///file.txt.”
Author | Note |
---|---|
mdeslaur | Backporting the fix for this issue is risky, may introduce regressions, and will change behaviour for existing users, possibly preventing them from using their existing configuration. For this reason, we will not be fixing this issue in stable releases. |