← back
CVE-2023-22809

CVE-2023-22809

CVSS 7.8 HIGHEPSS 55.4%CWE-269
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found16
githubgithub.com/n3m1sys/CVE-2023-22809-sudoedit-privesc165githubgithub.com/asepsaepdin/CVE-2023-228096githubgithub.com/M4fiaB0y/CVE-2023-228096githubgithub.com/P4x1s/CVE-2023-22809-sudo-POC6githubgithub.com/Toothless5143/CVE-2023-228092githubgithub.com/Chan9Yan9/CVE-2023-228092githubgithub.com/D0rDa4aN919/CVE-2023-22809-Exploiter2githubgithub.com/Spydomain/CVE-2023-22809-automated-python-exploits1githubgithub.com/laxmiyamkolu/SUDO-privilege-escalation0githubgithub.com/ValeuDoamne/CVE-2023-228090githubgithub.com/hello4r1end/patch_CVE-2023-228090githubgithub.com/pashayogi/CVE-2023-228090exploitdbwww.exploit-db.com/exploits/51217unverifiedcve_referencepacketstormsecurity.com/files/172509/Sudoedit-Extra-Arguments-Privilege-Escalation.htmlunverifiedcve_referencepacketstormsecurity.com/files/174234/Cisco-ThousandEyes-Enterprise-Agent-Virtual-Appliance-Arbitrary-File-Modification.htmlunverifiedcve_referencepacketstormsecurity.com/files/171644/sudo-1.9.12p1-Privilege-Escalation.htmlunverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/171644/sudo-1.9.12p1-Privilege-Escalation.htmlhttp://packetstormsecurity.com/files/172509/Sudoedit-Extra-Arguments-Privilege-Escalation.htmlhttp://packetstormsecurity.com/files/174234/Cisco-ThousandEyes-Enterprise-Agent-Virtual-Appliance-Arbitrary-File-Modification.htmlhttp://seclists.org/fulldisclosure/2023/Aug/21https://lists.debian.org/debian-lts-announce/2023/01/msg00012.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2QDGFCGAV5QRJCE6IXRXIS4XJHS57DDH/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/G4YNBTTKTRT2ME3NTSXAPTOKYUE47XHZ/https://security.gentoo.org/glsa/202305-12https://security.netapp.com/advisory/ntap-20230127-0015/https://support.apple.com/kb/HT213758https://www.debian.org/security/2023/dsa-5321https://www.sudo.ws/security/advisories/sudoedit_any/