CVE-2022-29527

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-29527
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-29527.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-29527
Downstream
Related
Published
2022-04-20T10:15:08.073Z
Modified
2026-04-10T04:52:12.826078Z
Severity
  • 7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable sudoers file, which allows local attackers to inject Sudo rules and escalate privileges to root. This occurs in certain situations involving a race condition.

References

Affected packages

Git / github.com/aws/amazon-ssm-agent

Affected ranges

Type
GIT
Repo
https://github.com/aws/amazon-ssm-agent
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
b3a8f2b875b989032909ba128145a4ceb30754fd
Fixed
0fe8ae99b2ff25649c7b86d3bc05fc037400aca7
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.1.1208.0"
        }
    ]
}

Affected versions

2.*
2.0.599.0
2.0.672.0
2.0.755.0
2.0.767.0
2.0.790.0
2.0.796.0
2.0.805.0
2.2.325.0
2.2.355.0
2.2.392.0
2.2.493.0
2.2.546.0
2.2.607.0
2.2.619.0
2.2.800.0
2.3.117.0
2.3.136.0
2.3.193.0
2.3.50.0
2.3.68.0
3.*
3.0.1031.0
3.0.1124.0
3.0.1181.0
3.0.1209.0
3.0.1295.0
3.0.1390.0
3.0.222.0
3.0.502.0
3.0.529.0
3.0.603.0
3.0.655.0
3.0.732.0
3.0.755.0
3.0.854.0
3.0.882.0
3.1.1004.0
3.1.1045.0
3.1.1080.0
3.1.1141.0
3.1.1188.0
3.1.127.0
3.1.192.0
3.1.282.0
3.1.338.0
3.1.426.0
3.1.459.0
3.1.501.0
3.1.630.0
3.1.634.0
3.1.715.0
3.1.804.0
3.1.821.0
3.1.90.0
3.1.941.0
v1.*
v1.1.145.0
v1.1.146.0
v1.2.252.0
v1.2.290.0
v2.*
v2.0.633.0
v2.0.755.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-29527.json"