CVE-2019-25016 log
Source |
|
Severity | High |
Remote | No |
Type | Privilege escalation |
Description | A security issue has been found in OpenDoas before 6.8.1, where rules that allowed the user to execute any command would inherit the executing user's PATH instead of resetting it to a default PATH. Rules that limit the user to execute only a specific command are not affected by this and are only executed from the default PATH and with the PATH environment variable set to the safe default. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-1504 | opendoas | 6.6.1-2 | 6.8.1-2 | High | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
06 Feb 2021 | ASA-202102-8 | AVG-1504 | opendoas | High | privilege escalation |