Sign In

CVE-2021-23240

ADVISORY - nist

Summary

selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable.

EPSS Score: 0.00172 (0.391)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-59

Improper Link Resolution Before File Access ('Link Following')

ADVISORY - redhat

CWE-367

Time-of-check Time-of-use (TOCTOU) Race Condition

CWE-59

Improper Link Resolution Before File Access ('Link Following')

Impacted images

Advisories

NIST

CREATED

UPDATED

ADVISORY IDCVE-2021-23240
EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CWE-59

CVSS SCORE

7.8high

Alpine

CREATED

UPDATED

ADVISORY IDCVE-2021-23240
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY

Debian

CREATED

UPDATED

ADVISORY IDCVE-2021-23240
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Ubuntu

CREATED

UPDATED

ADVISORY IDCVE-2021-23240
EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.8low

Red Hat

CREATED

UPDATED

ADVISORY IDCVE-2021-23240
EXPLOITABILITY SCORE

1.8

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-367CWE-59

CVSS SCORE

7.8medium

Rocky

CREATED

UPDATED

ADVISORY IDRLSA-2021:1723
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Amedium

Oracle

CREATED

UPDATED

ADVISORY IDELSA-2021-1723
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

intheWild

CREATED

UPDATED

ADVISORY IDCVE-2021-23240
EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM ADVISORY