VDB

CVE-2021-23240

CVE-2021-23240 PUBLISHED

selinux_edit_copy_tfiles in sudoedit in Sudo before 1.9.5 allows a local unprivileged user to gain file ownership and escalate privileges by replacing a temporary file with a symlink to an arbitrary file target. This affects SELinux RBAC support in permissive mode. Machines without SELinux are not vulnerable.

EPSS 0.21% · 43.2th percentile

Risk Scores

EPSS Score
0.21%
43.2th percentile

Affected Products

VendorProductVersions
Ubuntu:Pro:16.04:LTSsudo1.8.16-0ubuntu1.7, 1.8.16-0ubuntu1.9, 1.8.16-0ubuntu1.10
Ubuntu:Pro:18.04:LTSsudo1.8.21p2-3ubuntu1, 1.8.21p2-3ubuntu1.3, 1.8.21p2-3ubuntu1.4
Ubuntu:Pro:20.04:LTSsudo1.8.31-1ubuntu1.5, 1.8.27-1ubuntu4, 1.8.31-1ubuntu1
Ubuntu:Pro:14.04:LTSsudo0, 1.8.6p3-0ubuntu3, 1.8.8-2ubuntu1

Timeline

  • Jan 12, 2021 CVE Published
  • Apr 14, 2021 EPSS Score
  • Jun 23, 2021 EPSS Score
  • Aug 24, 2021 EPSS Score
  • Dec 27, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Jul 3, 2022 EPSS Score
  • Sep 4, 2022 EPSS Score
  • Nov 6, 2022 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›