Lucene search

K

Redhat.comRH:CVE-2023-28487

HistoryMar 17, 2023 - 8:13 a.m.

CVE-2023-28487

2023-03-1708:13:07

redhat.com

access.redhat.com

18

sudo

red hat enterprise linux

injection vulnerability

terminal control characters

information leakage

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

33.4%

A flaw was found in the sudo package, shipped with Red Hat Enterprise Linux 8 and 9, where the "sudoreplay -l’ command improperly escapes terminal control characters. As sudo’s log messages may contain user-controlled strings, this could allow an attacker to inject terminal control commands, leading to a leak of restricted information.

References

bugzilla.redhat.com/show_bug.cgi?id=2179273

nvd.nist.gov/vuln/detail/CVE-2023-28487

www.cve.org/CVERecord?id=CVE-2023-28487

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.001 Low

EPSS

Percentile

33.4%

Related for RH:CVE-2023-28487

cbl_mariner1 nvd1 osv5 debiancve1 cvelist1 veracode1 prion1 cve1 redos1 alpinelinux1 openvas16 ubuntu2 nessus27 mageia1 amazon1 ubuntucve1 cloudfoundry1 oraclelinux1 photon2 debian1 gentoo1 redhat3 almalinux1 ibm2 ics1