CVE-2021-23239

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-23239

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-23239.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-23239

Downstream

ALPINE-CVE-2021-23239

DEBIAN-CVE-2021-23239

DLA-3181-1

OESA-2021-1002

RHSA-2021:1723

SUSE-SU-2021:0225-1

SUSE-SU-2021:0226-1

SUSE-SU-2021:0227-1

SUSE-SU-2021:0232-1

UBUNTU-CVE-2021-23239

USN-4705-1

openSUSE-SU-2021:0169-1

openSUSE-SU-2021:0170-1

openSUSE-SU-2024:11413-1

Related

Published

2021-01-12T09:15:14Z

Modified

2025-10-28T04:06:40.887797Z

Severity

2.5 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

The sudoedit personality of Sudo before 1.9.5 may allow a local unprivileged user to perform arbitrary directory-existence tests by winning a sudo_edit.c race condition in replacing a user-controlled directory by a symlink to an arbitrary path.

References

Affected packages

Git / github.com/millert/sudo

Affected ranges

Type: GIT
Repo: https://github.com/millert/sudo
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

caa666c2dfa1f4286ccfbed5e512432665b72d3a

Git / github.com/sudo-project/sudo

Affected ranges

Type: GIT
Repo: https://github.com/sudo-project/sudo
Events: Introduced

83d1bee918147a57804de77d3e1064a4e323f47e

Fixed

10d072a320c885e2e805ef2e47fe7a2ebde68abc

Affected versions

Other

SUDO_1_9_0

SUDO_1_9_1

SUDO_1_9_2

SUDO_1_9_3

SUDO_1_9_3p1

SUDO_1_9_4

SUDO_1_9_4p1

SUDO_1_9_4p2

v1.*

v1.9.0

v1.9.1

v1.9.2

v1.9.3

v1.9.3p1

v1.9.4

v1.9.4p1

v1.9.4p2