CVE-2023-22809

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-22809

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-22809.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-22809

Downstream

ALPINE-CVE-2023-22809

DEBIAN-CVE-2023-22809

DLA-3272-1

DSA-5321-1

OESA-2023-1049

RHSA-2023:0280

RHSA-2023:0281

RHSA-2023:0282

RHSA-2023:0283

RHSA-2023:0284

RHSA-2023:0287

RHSA-2023:0291

RHSA-2023:0292

RHSA-2023:0293

RHSA-2023:0859

RHSA-2023:3262

RHSA-2023:3264

RHSA-2023:3276

SUSE-SU-2023:0100-1

SUSE-SU-2023:0101-1

SUSE-SU-2023:0114-1

SUSE-SU-2023:0115-1

SUSE-SU-2023:0116-1

SUSE-SU-2023:0117-1

UBUNTU-CVE-2023-22809

USN-5811-1

USN-5811-2

USN-5811-3

openSUSE-SU-2024:12638-1

Related

Published

2023-01-18T17:15:10Z

Modified

2025-10-21T02:34:27Z

Severity

7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.

References

Affected packages

Git / github.com/millert/sudo

Affected ranges

Type: GIT
Repo: https://github.com/millert/sudo
Events: Introduced

4333b06914558093a327ee445699c479a57933a4

Fixed

c684bf08307b3270a62f2130bafb37c36aa3c99e