Privilege Mismanagement Vulnerability in Sudo due to ipa_hostname Handling Flaw

Privilege Mismanagement Vulnerability in Sudo due to ipa_hostname Handling Flaw

CVE-2023-7090 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

A flaw was found in sudo in the handling of ipa_hostname, where ipa_hostname from /etc/sssd/sssd.conf was not propagated in sudo. Therefore, it leads to privilege mismanagement vulnerability in applications, where client hosts retain privileges even after retracting them.

Learn more about our Web Application Penetration Testing UK.