A security issue has been found in OpenDoas prior to 6.8.1, where rules that allowed the user to execute any command would inherit the executing user's PATH instead of resetting it to a default PATH. Rules that limit the user to execute only a specific command are not affected by this and are only executed from the default PATH and with the PATH environment variable set to the safe default.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
opendoas project opendoas |