Security Advisory

CVE-2019-25016

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2021-01-28 19:38:24

Last updated 2024-08-05 03:00:19

Assigner mitre

State PUBLISHED

Description

In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed to authenticated user to execute specific commands were not affected by this issue.

← Browse all CVEs View on cve.org ↗