← back
CVE-2010-2757

CVE-2010-2757

EPSS 1.3%
The sudo feature in Bugzilla 2.22rc1 through 3.2.7, 3.3.1 through 3.4.7, 3.5.1 through 3.6.1, and 3.7 through 3.7.2 does not properly send impersonation notifications, which makes it easier for remote authenticated users to impersonate other users without discovery.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://lists.fedoraproject.org/pipermail/package-announce/2010-August/046518.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-August/046534.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2010-August/046546.htmlhttps://bugzilla.mozilla.org/show_bug.cgi?id=450013https://bugzilla.redhat.com/show_bug.cgi?id=623423http://secunia.com/advisories/40892http://secunia.com/advisories/41128http://www.bugzilla.org/security/3.2.7/http://www.securityfocus.com/bid/42275http://www.vupen.com/english/advisories/2010/2035http://www.vupen.com/english/advisories/2010/2205