CVE-2022-29527

Source
https://cve.org/CVERecord?id=CVE-2022-29527
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-29527.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-29527
Downstream
Related
Published
2022-04-20T09:09:07Z
Modified
2026-07-15T01:49:02.297926235Z
Summary
[none]
Details

Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable sudoers file, which allows local attackers to inject Sudo rules and escalate privileges to root. This occurs in certain situations involving a race condition.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/29xxx/CVE-2022-29527.json",
    "cna_assigner": "mitre"
}
References

Affected packages

Git / github.com/aws/amazon-ssm-agent

Affected ranges

Type
GIT
Repo
https://github.com/aws/amazon-ssm-agent
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:amazon:amazon_ssm_agent:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.1.1208.0"
        }
    ],
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ]
}

Affected versions

2.*
2.0.599.0
2.0.672.0
2.0.755.0
2.0.767.0
2.0.790.0
2.0.796.0
2.0.805.0
2.2.325.0
2.2.355.0
2.2.392.0
2.2.493.0
2.2.546.0
2.2.607.0
2.2.619.0
2.2.800.0
2.3.117.0
2.3.136.0
2.3.193.0
2.3.50.0
2.3.68.0
3.*
3.0.1031.0
3.0.1124.0
3.0.1181.0
3.0.1209.0
3.0.1295.0
3.0.1390.0
3.0.222.0
3.0.502.0
3.0.529.0
3.0.603.0
3.0.655.0
3.0.732.0
3.0.755.0
3.0.854.0
3.0.882.0
3.1.1004.0
3.1.1045.0
3.1.1080.0
3.1.1141.0
3.1.1188.0
3.1.127.0
3.1.192.0
3.1.282.0
3.1.338.0
3.1.426.0
3.1.459.0
3.1.501.0
3.1.630.0
3.1.634.0
3.1.715.0
3.1.804.0
3.1.821.0
3.1.90.0
3.1.941.0
v1.*
v1.1.145.0
v1.1.146.0
v1.2.252.0
v1.2.290.0
v2.*
v2.0.633.0
v2.0.755.0

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-29527.json"