5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
19.6%
sudo is vulnerable to Information Disclosure. The vulnerability exists due to the library does not properly escape the control characters in log messages, which allows an attacker to gain sensitive information
git://git.launchpad.net/ubuntu-cve-tracker/tree/active/CVE-2023-28486
github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca
github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13
lists.debian.org/debian-lts-announce/2024/02/msg00002.html
security.gentoo.org/glsa/202309-12
security.netapp.com/advisory/ntap-20230420-0002/
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
0.001 Low
EPSS
Percentile
19.6%