{
  "threat_severity" : "Important",
  "public_date" : "2023-01-18T15:00:00Z",
  "bugzilla" : {
    "description" : "sudo: arbitrary file write with privileges of the RunAs user",
    "id" : "2161142",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2161142"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.8",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
    "status" : "verified"
  },
  "details" : [ "In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a \"--\" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.", "A vulnerability was found in sudo. Exposure in how sudoedit handles user-provided environment variables leads to arbitrary file writing with privileges of the RunAs user (usually root). The prerequisite for exploitation is that the current user must be authorized by the sudoers policy to edit a file using sudoedit." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 6 Extended Lifecycle Support",
    "release_date" : "2023-01-23T00:00:00Z",
    "advisory" : "RHSA-2023:0287",
    "cpe" : "cpe:/o:redhat:rhel_els:6",
    "package" : "sudo-0:1.8.6p3-29.el6_10.7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2023-01-23T00:00:00Z",
    "advisory" : "RHSA-2023:0291",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "sudo-0:1.8.23-10.el7_9.3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.4 Advanced Update Support",
    "release_date" : "2023-05-23T00:00:00Z",
    "advisory" : "RHSA-2023:3264",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.4",
    "package" : "sudo-0:1.8.19p2-12.el7_4.3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.6 Advanced Update Support(Disable again in 2026 - SPRHEL-7118)",
    "release_date" : "2023-05-23T00:00:00Z",
    "advisory" : "RHSA-2023:3262",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.6",
    "package" : "sudo-0:1.8.23-3.el7_6.3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.7 Advanced Update Support",
    "release_date" : "2023-05-23T00:00:00Z",
    "advisory" : "RHSA-2023:3276",
    "cpe" : "cpe:/o:redhat:rhel_aus:7.7",
    "package" : "sudo-0:1.8.23-4.el7_7.4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.7 Telco Extended Update Support",
    "release_date" : "2023-05-23T00:00:00Z",
    "advisory" : "RHSA-2023:3276",
    "cpe" : "cpe:/o:redhat:rhel_tus:7.7",
    "package" : "sudo-0:1.8.23-4.el7_7.4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions",
    "release_date" : "2023-05-23T00:00:00Z",
    "advisory" : "RHSA-2023:3276",
    "cpe" : "cpe:/o:redhat:rhel_e4s:7.7",
    "package" : "sudo-0:1.8.23-4.el7_7.4"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2023-01-23T00:00:00Z",
    "advisory" : "RHSA-2023:0284",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8",
    "package" : "sudo-0:1.8.29-8.el8_7.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions",
    "release_date" : "2023-01-23T00:00:00Z",
    "advisory" : "RHSA-2023:0280",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.1",
    "package" : "sudo-0:1.8.25p1-8.el8_1.3"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Advanced Update Support",
    "release_date" : "2023-01-23T00:00:00Z",
    "advisory" : "RHSA-2023:0292",
    "cpe" : "cpe:/o:redhat:rhel_aus:8.2",
    "package" : "sudo-0:1.8.29-5.el8_2.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Telecommunications Update Service",
    "release_date" : "2023-01-23T00:00:00Z",
    "advisory" : "RHSA-2023:0292",
    "cpe" : "cpe:/o:redhat:rhel_tus:8.2",
    "package" : "sudo-0:1.8.29-5.el8_2.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions",
    "release_date" : "2023-01-23T00:00:00Z",
    "advisory" : "RHSA-2023:0292",
    "cpe" : "cpe:/o:redhat:rhel_e4s:8.2",
    "package" : "sudo-0:1.8.29-5.el8_2.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.4 Extended Update Support",
    "release_date" : "2023-01-23T00:00:00Z",
    "advisory" : "RHSA-2023:0293",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.4",
    "package" : "sudo-0:1.8.29-7.el8_4.2"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8.6 Extended Update Support",
    "release_date" : "2023-01-23T00:00:00Z",
    "advisory" : "RHSA-2023:0283",
    "cpe" : "cpe:/o:redhat:rhel_eus:8.6",
    "package" : "sudo-0:1.8.29-8.el8_6.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-01-23T00:00:00Z",
    "advisory" : "RHSA-2023:0282",
    "cpe" : "cpe:/a:redhat:enterprise_linux:9",
    "package" : "sudo-0:1.9.5p2-7.el9_1.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "release_date" : "2023-01-23T00:00:00Z",
    "advisory" : "RHSA-2023:0282",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9",
    "package" : "sudo-0:1.9.5p2-7.el9_1.1"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9.0 Extended Update Support",
    "release_date" : "2023-01-23T00:00:00Z",
    "advisory" : "RHSA-2023:0281",
    "cpe" : "cpe:/a:redhat:rhel_eus:9.0",
    "package" : "sudo-0:1.9.5p2-7.el9_0.2"
  }, {
    "product_name" : "Red Hat Virtualization 4 for Red Hat Enterprise Linux 8",
    "release_date" : "2023-02-21T00:00:00Z",
    "advisory" : "RHSA-2023:0859",
    "cpe" : "cpe:/o:redhat:rhev_hypervisor:4.4::el8",
    "package" : "redhat-virtualization-host-0:4.5.3-202302150956_8.6"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2023-22809\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-22809\nhttps://github.com/sudo-project/sudo/releases/tag/SUDO_1_9_12p2\nhttps://www.sudo.ws/security/advisories/sudoedit_any/" ],
  "name" : "CVE-2023-22809",
  "mitigation" : {
    "value" : "It is possible to prevent a user-specified editor from being used by sudoedit by adding the following line to the sudoers file.\n~~~\nDefaults!sudoedit    env_delete+=\"SUDO_EDITOR VISUAL EDITOR\"\n~~~\nTo restrict the editor when editing specific files, a Cmnd_Alias can be used, for example:\n~~~\nCmnd_Alias              EDIT_MOTD = sudoedit /etc/motd\nDefaults!EDIT_MOTD      env_delete+=\"SUDO_EDITOR VISUAL EDITOR\"\nuser                    ALL = EDIT_MOTD\n~~~\nBut if possible please update the affected package as soon as possible.",
    "lang" : "en:us"
  },
  "csaw" : false
}