CVE-2023-22809
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
| Vendor | Product | Versions |
|---|---|---|
| sudo_project | sudo | 1.9.12, 1.8.0, 1.8.2, 1.8.7, 1.8.8, 1.8.9, 1.8.10, 1.8.11, 1.8.12, 1.8.13, 1.8.14, 1.8.15, 1.8.16, 1.8.17, 1.8.18, 1.8.19, 1.8.20, 1.8.21, 1.8.22, 1.8.23, 1.8.24, 1.8.25, 1.8.26, 1.8.27, 1.8.30, 1.8.31, 1.8.32, 1.9.0, 1.9.1, 1.9.2, 1.9.9, 1.9.10, 1.9.12 |
| debian | debian_linux | 10.0, 11.0 |
| fedoraproject | fedora | 37 |