CVE-2024-31969

high

Description

2024-06-07: CVE-2024-31969 was added to this advisory. In sudo-1.8.23-10.amzn2.3.6 (Amazon Linux 2) and sudo-1.8.23-10.58.amzn1 (Amazon Linux 1), a user with an entry in the sudoers file, enabling them to run commands as another unprivileged user, can leverage it to run commands as root. No prior versions are affected. This issue has been fixed in sudo-1.8.23-10.amzn2.3.7 (AL2) and sudo-1.8.23-10.59.amzn1 (AL1). (CVE-2024-31969)

Details

Source: Mitre, NVD

Published: 2024-02-23

Risk Information

CVSS v2

Base Score: 7.2

Vector: CVSS2#AV:L/AC:L/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High