A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them.
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2023-7090 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2255723 | Issue Tracking Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html | |
https://security.netapp.com/advisory/ntap-20240208-0001/ | |
https://www.sudo.ws/releases/legacy/#1.8.28 | Release Notes |
https://access.redhat.com/security/cve/CVE-2023-7090 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2255723 | Issue Tracking Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html | |
https://security.netapp.com/advisory/ntap-20240208-0001/ | |
https://www.sudo.ws/releases/legacy/#1.8.28 | Release Notes |
Configurations
History
21 Nov 2024, 08:45
Type | Values Removed | Values Added |
---|---|---|
References | () https://access.redhat.com/security/cve/CVE-2023-7090 - Third Party Advisory | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2255723 - Issue Tracking, Patch, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html - | |
References | () https://security.netapp.com/advisory/ntap-20240208-0001/ - | |
References | () https://www.sudo.ws/releases/legacy/#1.8.28 - Release Notes | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 6.6 |
08 Feb 2024, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
03 Jan 2024, 20:22
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:* | |
References | () https://bugzilla.redhat.com/show_bug.cgi?id=2255723 - Issue Tracking, Patch, Third Party Advisory | |
References | () https://www.sudo.ws/releases/legacy/#1.8.28 - Release Notes | |
References | () https://access.redhat.com/security/cve/CVE-2023-7090 - Third Party Advisory | |
CWE | CWE-269 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
23 Dec 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-23 23:15
Updated : 2024-11-21 08:45
NVD link : CVE-2023-7090
Mitre link : CVE-2023-7090
CVE.ORG link : CVE-2023-7090
JSON object : View
Products Affected
sudo_project
- sudo
CWE
CWE-269
Improper Privilege Management