{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-7090", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "state": "PUBLISHED", "assignerShortName": "redhat", "dateReserved": "2023-12-23T19:25:33.533Z", "datePublished": "2023-12-23T22:33:13.530Z", "dateUpdated": "2024-08-02T08:50:07.937Z"}, "containers": {"cna": {"title": "Sudo: improper handling of ipa_hostname leads to privilege mismanagement", "metrics": [{"other": {"content": {"value": "Moderate", "namespace": "https://access.redhat.com/security/updates/classification/"}, "type": "Red Hat severity rating"}}, {"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS"}], "descriptions": [{"lang": "en", "value": "A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them."}], "affected": [{"product": "sudo", "vendor": "n/a", "versions": [{"version": "1.8.28", "status": "unaffected"}]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 6", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "sudo", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:6"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 7", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "sudo", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:7"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 8", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "sudo", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:8"]}, {"vendor": "Red Hat", "product": "Red Hat Enterprise Linux 9", "collectionURL": "https://access.redhat.com/downloads/content/package-browser/", "packageName": "sudo", "defaultStatus": "unaffected", "cpes": ["cpe:/o:redhat:enterprise_linux:9"]}, {"product": "Fedora", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "sudo", "defaultStatus": "unaffected"}, {"product": "Fedora", "vendor": "Fedora", "collectionURL": "https://packages.fedoraproject.org/", "packageName": "freeipa", "defaultStatus": "unaffected"}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-7090", "tags": ["vdb-entry", "x_refsource_REDHAT"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255723", "name": "RHBZ#2255723", "tags": ["issue-tracking", "x_refsource_REDHAT"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html"}, {"url": "https://security.netapp.com/advisory/ntap-20240208-0001/"}, {"url": "https://www.sudo.ws/releases/legacy/#1.8.28"}], "datePublic": "2019-08-15T00:00:00+00:00", "problemTypes": [{"descriptions": [{"cweId": "CWE-269", "description": "Improper Privilege Management", "lang": "en", "type": "CWE"}]}], "x_redhatCweChain": "CWE-269: Improper Privilege Management", "timeline": [{"lang": "en", "time": "2018-11-02T00:00:00+00:00", "value": "Reported to Red Hat."}, {"lang": "en", "time": "2019-08-15T00:00:00+00:00", "value": "Made public."}], "credits": [{"lang": "en", "value": "This issue was discovered by Mohammad Tausif Siddiqui (Red Hat Product Security)."}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-03-20T11:05:45.902Z"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T08:50:07.937Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2023-7090", "tags": ["vdb-entry", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255723", "name": "RHBZ#2255723", "tags": ["issue-tracking", "x_refsource_REDHAT", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20240208-0001/", "tags": ["x_transferred"]}, {"url": "https://www.sudo.ws/releases/legacy/#1.8.28", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sudo_project:sudo:*:*:*:*:*:*:*:*", "matchCriteriaId": "07F52D32-AC76-42B8-B59F-57D5E36010CB", "versionEndExcluding": "1.8.28", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en sudo en el manejo de ipa_hostname, donde ipa_hostname de /etc/sssd/sssd.conf no se propag\u00f3 en sudo. Por lo tanto, genera una vulnerabilidad de mala gesti\u00f3n de privilegios en las aplicaciones, donde los hosts de los clientes conservan los privilegios incluso despu\u00e9s de retirarlos."}], "id": "CVE-2023-7090", "lastModified": "2024-11-21T08:45:13.663", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 3.7, "source": "secalert@redhat.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-12-23T23:15:07.560", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-7090"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255723"}, {"source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html"}, {"source": "secalert@redhat.com", "url": "https://security.netapp.com/advisory/ntap-20240208-0001/"}, {"source": "secalert@redhat.com", "tags": ["Release Notes"], "url": "https://www.sudo.ws/releases/legacy/#1.8.28"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2023-7090"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255723"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.netapp.com/advisory/ntap-20240208-0001/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://www.sudo.ws/releases/legacy/#1.8.28"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "This issue was discovered by Mohammad Tausif Siddiqui (Red Hat Product Security).", "bugzilla": {"description": "sudo: Improper handling of ipa_hostname leads to privilege mismanagement", "id": "2255723", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2255723"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.6", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", "status": "draft"}, "cwe": "CWE-269", "details": ["A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them.", "A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them."], "name": "CVE-2023-7090", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "sudo", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "sudo", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "sudo", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "sudo", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2019-08-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-7090\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-7090\nhttps://www.sudo.ws/releases/legacy/#1.8.28"], "statement": "This vulnerability was introduced in sudo 1.8.24 which affects IPA-sudo integration as used in FreeIPA, where sudoers parsing was unified. This issue was fixed in sudo-1.8.25p1-7.el8.x86_64 by RHBA-2019:3598. Red Hat ships fixed versions of sudo. Hence, Red Hat Enterprise Linux is not affected by this CVE.\nhttps://access.redhat.com/errata/RHBA-2019:3598", "threat_severity": "Moderate", "upstream_fix": "sudo 1.8.28"}