CVE-2023-22809

Published Jan 18, 2023

Last updated a year ago

Overview

Description: In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
Source: cve@mitre.org
NVD status: Analyzed

Hype score: Not currently trending

Whiterose TryHackMe Writeup https://t.co/ifweZSB4jE #writeup #tryhackme #new #IDOR #EJS #CVE-2023-22809 #sudoedit https://t.co/rAt8hLP2D6
@David_Uton
Nov 3, 2024 9:31 AM
63 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.8
Impact score: 5.9
Exploitability score: 1.8
Vector string: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-269

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E76D2160-BE9D-4C9E-B2AB-B52B3C84DAD7",
            "versionEndExcluding": "1.9.12",
            "versionStartIncluding": "1.8.0"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.9.12:-:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "30B5DA3F-091D-4627-A5C0-2D1487A378B0"
          },
          {
            "criteria": "cpe:2.3:a:sudo_project:sudo:1.9.12:p1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F30DC131-EACB-47C6-B6B7-FCB78DDBD059"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73"
          },
          {
            "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "ADD1755A-5CD2-4EED-8C6C-4729FADFA3F5",
            "versionEndExcluding": "13.4"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 3.1

Weaknesses

Configurations

References