Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2023-22809

CWE-269 — Improper Privilege Management17 documents12 sources

Severity

7.8HIGH

EPSS

48.0%

top 2.28%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Apple Macos Sudo Project Sudo Debian Debian Linux +1 more

Timeline

PublishedJan 18

Latest updateJul 15

Description

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file'…

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages4 packages

▶NVDsudo_project/sudo1.8.0 — 1.9.12+1

▶Debiansudo< 1.9.5p2-3+deb11u1+3

▶Ubuntusudo< 1.8.21p2-3ubuntu1.5+4

▶NVDapple/macos< 13.4

Also affects: Debian Linux 10.0, 11.0, Fedora 36, 37

🔴Vulnerability Details

OSV

sudo vulnerability↗2023-01-30

▶

OSV

sudo vulnerability↗2023-01-18

▶

OSV

CVE-2023-22809: In Sudo before 1↗2023-01-18

▶

GHSA

GHSA-3vwp-294x-6v9c: In Sudo before 1↗2023-01-18

▶

OSV

sudo vulnerabilities↗2023-01-18

▶

💥Exploits & PoCs

Exploit-DB

sudo 1.8.0 to 1.9.12p1 - Privilege Escalation↗2023-04-03

▶

📋Vendor Advisories

Oracle

Oracle Oracle Communications Risk Matrix: Platform (Sudo) — CVE-2023-22809↗2023-07-15

▶

Apple

CVE-2023-22809: macOS Ventura 13.4↗2023-05-18

▶

Ubuntu

Sudo vulnerability↗2023-01-30

▶

Red Hat

sudo: arbitrary file write with privileges of the RunAs user↗2023-01-18

▶

Ubuntu

Sudo vulnerability↗2023-01-18

▶