CVE-2023-1326

Published: Apr 13, 2023

Modified: Feb 7, 2025

PUBLISHED

CVSS v3.1

7.7

HIGH

Description

A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit.

Vendor	Product	Versions
Canonical Ltd.	Apport	affected `0 - <= 2.26.0`

Weaknesses (CWE)

CWE-269

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H

Attack Vector

Local

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

High

Availability

High

References

https://github.com/canonical/apport/commit/e5f78cc89f1f5888b6a56b785dddcb0364c48ecb

patch

https://ubuntu.com/security/notices/USN-6018-1

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-1326

Description

Affected Products

Weaknesses (CWE)

CVSS v3.1 Details

References