Lucene search

K

Redhat.comRH:CVE-2023-28486

HistoryMar 17, 2023 - 8:12 a.m.

CVE-2023-28486

2023-03-1708:12:57

redhat.com

access.redhat.com

12

cve-2023-28486

sudo package

red hat enterprise linux

logging flaw

terminal control commands

information leak

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

33.4%

A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where sudo improperly escapes terminal control characters during logging operations. As sudo’s log messages may contain user-controlled strings, this may allow an attacker to inject terminal control commands, leading to a leak of restricted information.

References

bugzilla.redhat.com/show_bug.cgi?id=2179272

nvd.nist.gov/vuln/detail/CVE-2023-28486

www.cve.org/CVERecord?id=CVE-2023-28486

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

33.4%

Related for RH:CVE-2023-28486

cbl_mariner1 osv5 cvelist1 veracode1 prion1 alpinelinux1 cve1 ubuntucve2 redos1 debiancve1 nvd1 amazon1 nessus27 openvas16 ubuntu2 mageia1 cloudfoundry1 photon2 oraclelinux1 debian1 gentoo1 redhat3 almalinux1 ibm2 ics1