Alpaquita LinuxStreamSecurity Advisory
Search Cve

CVE-2021-23239

Published: August 31, 2023Last modified: August 31, 2023

Description

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.

Severity score breakdown

ParameterValue
Base score2.5
Attack VectorLOCAL
Attack complexityHIGH
Privileges requiredLOW
User interactionNONE
ScopeUNCHANGED
ConfidentialityLOW
Integrity impactNONE
Availability impactNONE
VectorCVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Status

ProductReleasePackageStatus
Alpaquita Linux23 LTSsudoNot affected (1.9.12_p2-r1)
StreamsudoNot affected (1.9.14_p3-r0)

References

ON THIS PAGE