Sudoedit bypass in Sudo <= 1.9.12p1 (CVE-2023-22809)

For information

edit:

Below is a link to a helpful tool

Regards

1 Like

The vulnerability has been fixed in version 1.2.9p2, and the patch for that update was merged into next yesterday, so it will be available in CU173.

Also, the problem can only occur if sudoedit is used instead of sudo and it is used by a malicious user who has been given user access to the command line via console or ssh.

So I believe that the risk on IPFire is very low unless people have added multiple other users to be able to access IPFire via the command line, which is not a recommended approach.

8 Likes