DEBIAN-CVE-2023-22809
PUBLISHED
CVSS 7.8 HIGH
In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.
Risk Scores
CVSS 3.1
7.8
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:13 | sudo | 0, 0, 0 |
| Debian:14 | sudo | 0, 0, 0 |
| Debian | sudo | |
| Debian:11 | sudo | 0, 1.9.5, 1.9.5p2-3 |
| Debian:12 | sudo | 0, 0, 0 |
Exploit Intelligence
- Sudo Privilege Escalation: CVE-2023-22809 Simulation. This project simulates the Sudo privilege escalation vulnerability (CVE-2023-22809) to demonstrate how unauthorized root access can be gained. It involves identifying and exploiting this vulnerability in a controlled environment using Parrot OS, the Sudo command, and Bash scripting. (github-poc-repo)
- D0rDa4aN919/CVE-2023-22809-Exploiter (github-poc-repo)
- Automates vulnerability check for sudo versions and privilege escalation via sudoedit if exploitable, helping users test and gain root access. (github-poc-repo)
- Implementation of the CVE-2023-22809 (github-poc-repo)
- Implementation of the CVE-2023-22809 (github-poc)
- Automates vulnerability check for sudo versions and privilege escalation via sudoedit if exploitable, helping users test and gain root access. (github-poc)
- D0rDa4aN919/CVE-2023-22809-Exploiter (github-poc)
- Sudo Privilege Escalation: CVE-2023-22809 Simulation. This project simulates the Sudo privilege escalation vulnerability (CVE-2023-22809) to demonstrate how unauthorized root access can be gained. It involves identifying and exploiting this vulnerability in a controlled environment using Parrot OS, the Sudo command, and Bash scripting. (github-poc)
- Running this exploit on a vulnerable system allows a local attacker to gain a root shell on the machine. (github-poc)
- asepsaepdin/CVE-2023-22809 (github-poc)
…and 13 more exploits
Timeline
- Jan 18, 2023 CVE Published
- Apr 28, 2026 CVE Updated