CVSS2
Attack Vector: LOCAL
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:L/AC:M/Au:N/C:P/I:P/A:P

EPSS
Percentile: 17.2%

Todd Miller reports:
Beginning with sudo version 1.7.0 it has been possible
to grant permission to run a command using a specified
group via sudo’s -g option (run as group), if allowed by
the sudoers file. A flaw exists in sudo’s password
checking logic that allows a user to run a command
with only the group changed without being prompted
for a password.