CVE-2023-22809

Sudo Permission Elevation Vulnerability (CVE-2023-22809) Notification

March 31, 2023

Overview Recently, NSFOCUS CERT found that the analysis article and ExP of Sudo privilege enhancement vulnerability (CVE-2023-22809) were publicly disclosed online. Since sudoedit in Sudo has a flaw in handling additional parameters passed in user provided environment variables such as SUDO_EDITOR, VISUAL, and EDITOR., when a user specified editor contains a “–” parameter that bypasses […]

Search

Subscribe to the NSFOCUS Blog