CVE-2023-1326

Improper Privilege Management

Published: Apr 13, 2023 | Modified: Apr 19, 2023
CVSS 3.x: 7.8 HIGH (Source: NVD)
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Ubuntu: MEDIUM

A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set, a local attacker can escalate privileges. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Apport | Canonical | * | 2.26.0 (including) |
| Apport | Ubuntu | bionic | * |
| Apport | Ubuntu | devel | * |
| Apport | Ubuntu | esm-infra/bionic | * |
| Apport | Ubuntu | focal | * |
| Apport | Ubuntu | jammy | * |
| Apport | Ubuntu | kinetic | * |
| Apport | Ubuntu | lunar | * |
| Apport | Ubuntu | trusty | * |
| Apport | Ubuntu | upstream | * |
| Apport | Ubuntu | xenial | * |