Information Disclosure

2021-01-1221:16:53

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

2.5 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

1.9 Low

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

JSON

sudo is vulnerable to information disclosure. The sudoedit personality allows a local unprivileged user to determine the existence of an arbitrary directory by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.

CPENameOperatorVersion
sudo:sideq1.9.3p1-1
sudo:bullseyeeq1.9.3p1-1
sudo:3.12eq1.9.0-r0
sudo:groovyeq1.9.1-1ubuntu1
sudo:xenialeq1.8.16-0ubuntu1.9
sudo:xenialeq1.8.16-0ubuntu1
sudo:bioniceq1.8.21p2-3ubuntu1.3
sudo:bioniceq1.8.21p2-3ubuntu1
sudo:bioniceq1.8.21p2-3ubuntu1.2
sudo:focaleq1.8.31-1ubuntu1

Name	Operator	Version
sudo:sid	eq	1.9.3p1-1
sudo:bullseye	eq	1.9.3p1-1
sudo:3.12	eq	1.9.0-r0
sudo:groovy	eq	1.9.1-1ubuntu1
sudo:xenial	eq	1.8.16-0ubuntu1.9
sudo:xenial	eq	1.8.16-0ubuntu1
sudo:bionic	eq	1.8.21p2-3ubuntu1.3
sudo:bionic	eq	1.8.21p2-3ubuntu1
sudo:bionic	eq	1.8.21p2-3ubuntu1.2
sudo:focal	eq	1.8.31-1ubuntu1