CVE-2021-23239

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.
Link Following
Severity
LOW
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Atk. Vector
LOCAL
Atk. Complexity
HIGH
Priv. Required
LOW
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
VendorProductVersion
sudo_projectsudo
𝑥
< 1.8.32
sudo_projectsudo
1.9.0 ≤
𝑥
< 1.9.5
netappcloud_backup
-
netapphci_management_node
-
netappsolidfire
-
debiandebian_linux
10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
sudo
bullseye (security)
1.9.5p2-3+deb11u1
fixed
bullseye
1.9.5p2-3+deb11u1
fixed
stretch
no-dsa
bookworm
1.9.13p3-1+deb12u1
fixed
sid
1.9.16-2
fixed
trixie
1.9.16-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
sudo
noble
Fixed 1.9.4p2-2ubuntu2
released
mantic
Fixed 1.9.4p2-2ubuntu2
released
lunar
Fixed 1.9.4p2-2ubuntu2
released
kinetic
Fixed 1.9.4p2-2ubuntu2
released
jammy
Fixed 1.9.4p2-2ubuntu2
released
impish
Fixed 1.9.4p2-2ubuntu2
released
hirsute
Fixed 1.9.4p2-2ubuntu2
released
groovy
Fixed 1.9.1-1ubuntu1.1
released
focal
Fixed 1.8.31-1ubuntu1.2
released
bionic
Fixed 1.8.21p2-3ubuntu1.4
released
xenial
Fixed 1.8.16-0ubuntu1.10
released
trusty
needed