4.4
CVSSv2

CVE-2021-23240

Published: 12/01/2021 Updated: 14/01/2021
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

selinux_edit_copy_tfiles in sudoedit in Sudo prior to 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

sudo project sudo