CVE-2023-28487

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2023-28487
Sudo before 1.9.13 does not escape control characters in sudoreplay output.

5.3 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/sudo-project/sudo/commit/334daf92b31b79ce68ed75e2ee14fca265f029ca Patch
https://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_13 Release Notes
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*
Information

Published : 2023-03-15 18:15

Updated : 2023-03-22 08:01

NVD link : CVE-2023-28487

Mitre link : CVE-2023-28487

JSON object : View

CWE
CWE-116

Improper Encoding or Escaping of Output

Advertisement

dedicated server usa
Products Affected

sudo_project

  • sudo