Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2019-25016

UNKNOWN
Published 2021-01-28T19:38:24
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2019-25016. We'll provide specific mitigation strategies based on your environment and risk profile.

No CVSS data available

Description

In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed to authenticated user to execute specific commands were not affected by this issue.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

⚠ Unreviewed HIGH

GHSA-59xc-99wg-3hgf

Advisory Details

There is an unsafe incomplete reset of PATH in OpenDoas 6.6 through 6.8 when changing the user context.

CVSS Scoring

CVSS Score

7.5

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References

ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2019-25016
WEB https://github.com/Duncaen/OpenDoas/issues/45
WEB https://github.com/Duncaen/OpenDoas/commit/01c658f8c45cb92a343be5f32aa6da70b2032168
WEB https://github.com/Duncaen/OpenDoas/commit/d5acd52e2a15c36a8e06f9103d35622933aa422d
WEB https://github.com/Duncaen/OpenDoas/releases/tag/v6.8.1
WEB https://security.gentoo.org/glsa/202107-11

Advisory provided by GitHub Security Advisory Database. Published: May 24, 2022, Modified: May 24, 2022

References

https://github.com/Duncaen/OpenDoas/commit/01c658f8c45cb92a343be5f32aa6da70b2032168
https://github.com/Duncaen/OpenDoas/issues/45
https://github.com/Duncaen/OpenDoas/releases/tag/v6.8.1
https://github.com/Duncaen/OpenDoas/commit/d5acd52e2a15c36a8e06f9103d35622933aa422d
https://security.gentoo.org/glsa/202107-11
Published: 2021-01-28T19:38:24
Last Modified: 2024-08-05T03:00:19.238Z
Copied to clipboard!