VDB

GCVE-110-CLOUD-2022-0035

GCVE-110-CLOUD-2022-0035
Advisory Published
Vulnetix · Advisory published April 20, 2022
The Amazon SSM Agent (used for managing EC2 instances via Amazon Systems Manager) created a world-writable sudoers file, which would have allowed local attackers to inject Sudo rules and escalate privileges to root. This could occur in certain situations involving a race condition.

Affected Products

VendorProductVersionsPlatforms
AWSSSM
AWSCloud Services
AWSSSM, EC2
AWSEC2

References

advisory
advisory
advisory

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›