Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable sudoers file, which allows local attackers to inject Sudo rules and escalate privileges to root. This occurs in certain situations involving a race condition.
{
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/29xxx/CVE-2022-29527.json",
"cna_assigner": "mitre"
}{
"cpe": "cpe:2.3:a:amazon:amazon_ssm_agent:*:*:*:*:*:*:*:*",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "3.1.1208.0"
}
],
"source": [
"CPE_RANGE",
"REFERENCES"
]
}