CVE-2023-7090

A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. This leads to a privilege mismanagement vulnerability in applications, where client hosts retain privileges even after those privileges have been retracted.

Configurations

Configuration 1

cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:45

Type | Values Removed | Values Added
References | https://access.redhat.com/security/cve/CVE-2023-7090 - Third Party Advisory | https://access.redhat.com/security/cve/CVE-2023-7090 - Third Party Advisory
References | https://bugzilla.redhat.com/show_bug.cgi?id=2255723 - Issue Tracking, Patch, Third Party Advisory | https://bugzilla.redhat.com/show_bug.cgi?id=2255723 - Issue Tracking, Patch, Third Party Advisory
References | https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html | https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html
References | https://security.netapp.com/advisory/ntap-20240208-0001/ | https://security.netapp.com/advisory/ntap-20240208-0001/
References | https://www.sudo.ws/releases/legacy/#1.8.28 - Release Notes | https://www.sudo.ws/releases/legacy/#1.8.28 - Release Notes
CVSS | v2 : unknown, v3 : 8.8 | v2 : unknown, v3 : 6.6

08 Feb 2024, 10:15

Type | Values Removed | Values Added
References | | https://security.netapp.com/advisory/ntap-20240208-0001/

03 Feb 2024, 11:15

Type | Values Removed | Values Added
References | | https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html

03 Jan 2024, 20:22

Type | Values Removed | Values Added
CVSS | v2 : unknown, v3 : 6.6 | v2 : unknown, v3 : 8.8
First Time | | Sudo Project; Sudo Project sudo
CPE | | cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
Summary | | (es) A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. It therefore results in a privilege mismanagement vulnerability in applications, where client hosts retain privileges even after they are withdrawn.
References | https://access.redhat.com/security/cve/CVE-2023-7090 | https://access.redhat.com/security/cve/CVE-2023-7090 - Third Party Advisory
References | https://bugzilla.redhat.com/show_bug.cgi?id=2255723 | https://bugzilla.redhat.com/show_bug.cgi?id=2255723 - Issue Tracking, Patch, Third Party Advisory
References | https://www.sudo.ws/releases/legacy/#1.8.28 | https://www.sudo.ws/releases/legacy/#1.8.28 - Release Notes

23 Dec 2023, 23:15

Type | Values Removed | Values Added
New CVE | |

Information

Published : 2023-12-23 23:15

Updated : 2024-11-21 08:45


NVD link : CVE-2023-7090

Mitre link : CVE-2023-7090

CVE.ORG link : CVE-2023-7090


Products Affected

sudo_project

  • sudo

CWE

CWE-269

Improper Privilege Management