cbcvebase.
CVE-2023-22809
published 2023-01-18

CVE-2023-22809: In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and…

high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EXPLOIT
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.

Affected

24 ranges
VendorProductVersion rangeFixed in
applemacos< 13.413.4
applemacos_ventura
debiandebian_linux
debiandebian_linux
debiansudo< sudo 1.9.12p2-1 (bookworm)sudo 1.9.12p2-1 (bookworm)
fedoraprojectfedora
fedoraprojectfedora
msrccbl2_sudo_1.9.12p2-1_on_cbl_mariner_2.0
msrccm1_sudo_1.9.12p2-1_on_cbl_mariner_1.0
paloaltocloud_ngfw
paloaltopan-os
paloaltoprisma_access
paloaltoprisma_sd-wan_ion
sudo_projectsudo
sudo_projectsudo>= 0 < 1.9.5p2-3+deb11u11.9.5p2-3+deb11u1
sudo_projectsudo>= 0 < 1.9.12p2-11.9.12p2-1
sudo_projectsudo>= 0 < 1.9.12p2-11.9.12p2-1
sudo_projectsudo>= 0 < 1.9.12p2-11.9.12p2-1
sudo_projectsudo>= 0 < 1.8.21p2-3ubuntu1.51.8.21p2-3ubuntu1.5
sudo_projectsudo>= 0 < 1.8.31-1ubuntu1.41.8.31-1ubuntu1.4
sudo_projectsudo>= 0 < 1.9.9-1ubuntu2.21.9.9-1ubuntu2.2
sudo_projectsudo>= 0 < 1.8.9p5-1ubuntu1.5+esm71.8.9p5-1ubuntu1.5+esm7
sudo_projectsudo>= 0 < 1.8.16-0ubuntu1.10+esm11.8.16-0ubuntu1.10+esm1
sudo_projectsudo>= 1.8.0 < 1.9.121.9.12

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.8HIGH
vulncheck7.8HIGH