CVE-2023-7090 MEDIUM

CVE-2023-7090: Sudo: improper handling of ipa_hostname leads to privilege mismanagement

Vendor Red Hat
Product Red Hat Enterprise Linux 6
Weakness CWE-269
Published December 23, 2023
Last update August 2, 2024

CVSS base score

6.6/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality Low
Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L

What the vulnerability does

01 Description

A flaw was found in sudo's handling of ipa_hostname: the ipa_hostname value from /etc/sssd/sssd.conf was not propagated to sudo. This leads to a privilege mismanagement vulnerability in applications, where client hosts retain privileges even after those privileges have been retracted.

Key dates

02 Disclosure timeline

December 23, 2023 CVE published
August 2, 2024 Record updated