Description
In OpenDoas 6.6 through 6.8, the user's PATH variable was incorrectly inherited by authenticated executions when the authenticating rule allowed the user to execute any command. Because the requested command is then looked up in a PATH the caller controls, a user who already holds such a rule can place a same-named binary in a directory that precedes the system directories and have it run with the target user's privileges. Rules that only allowed the authenticated user to execute specific commands were not affected by this issue. The fix shipped in OpenDoas 6.8.1.
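The lookup problem behind this description, shown as an added shell example that is not OpenDoas code and does not reproduce its internals: resolve_in_path imitates an execvp-style search over a given PATH string, writable_path_dirs lists the PATH elements the calling user could plant a binary in, and the constructed demo shows the same command name resolving to an attacker-owned file under the inherited PATH and to the system copy under a fixed one. SAFE_PATH, the function names and the temporary directory layout are assumptions for illustration.

```shell
#!/bin/sh
# Added example (not OpenDoas code): why a privilege-elevation tool must not
# look the requested command up in the caller's PATH.
# SAFE_PATH is an assumed hard-coded default of the kind a hardened tool would
# use instead of the inherited value.
SAFE_PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/local/bin:/usr/local/sbin

# resolve_in_path CMD PATHSTRING
# Prints the first executable regular file named CMD found in the directories
# of PATHSTRING, in order, mimicking execvp()-style lookup. Returns 1 if none.
resolve_in_path() {
    cmd=$1
    searchpath=$2
    old_ifs=$IFS
    IFS=:
    for dir in $searchpath; do
        [ -n "$dir" ] || dir=.          # an empty PATH element means "current directory"
        if [ -f "$dir/$cmd" ] && [ -x "$dir/$cmd" ]; then
            IFS=$old_ifs
            printf '%s\n' "$dir/$cmd"
            return 0
        fi
    done
    IFS=$old_ifs
    return 1
}

# writable_path_dirs PATHSTRING
# Prints the PATH elements the current user can write to: every such directory
# is a place where a trojan could be dropped if this PATH were inherited by a
# privileged execution.
writable_path_dirs() {
    old_ifs=$IFS
    IFS=:
    for dir in $1; do
        [ -n "$dir" ] || dir=.
        [ -d "$dir" ] && [ -w "$dir" ] && printf '%s\n' "$dir"
    done
    IFS=$old_ifs
    return 0
}

# Constructed scenario: the caller owns a directory that appears before the
# system directories in PATH and drops a trojan named like a common command.
demo() {
    work=$(mktemp -d) || return 1
    mkdir "$work/attacker" "$work/system"
    printf '#!/bin/sh\necho trojan\n' > "$work/attacker/ls"
    printf '#!/bin/sh\necho real ls\n' > "$work/system/ls"
    chmod 755 "$work/attacker/ls" "$work/system/ls"
    caller_path="$work/attacker:$work/system"

    # Vulnerable behaviour: lookup uses the caller's PATH, so the trojan wins.
    echo "inherited PATH resolves ls to: $(resolve_in_path ls "$caller_path")"
    # Hardened behaviour: lookup uses a path the caller cannot influence.
    echo "fixed PATH resolves ls to:     $(resolve_in_path ls "$work/system")"
    echo "caller-writable PATH elements: $(writable_path_dirs "$caller_path" | tr '\n' ' ')"
    echo "real SAFE_PATH resolves ls to: $(resolve_in_path ls "$SAFE_PATH" || echo '(none found)')"

    rm -rf "$work"
}

demo
```

On a host with doas installed, the corresponding manual check is to prepend a directory you own to PATH and run `doas sh -c 'echo $PATH'`: the output shows which PATH the elevated process actually sees, and a tool that is not affected by this class of issue does not use the caller's PATH to locate the requested command.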
References (5)
Patch, Third Party Advisory (x_refsource_misc): https://github.com/Duncaen/OpenDoas/commit/01c658f8c45cb92a343be5f32aa6da70b2032168
Exploit, Issue Tracking, Third Party Advisory (x_refsource_misc): https://github.com/Duncaen/OpenDoas/issues/45
Release Notes, Third Party Advisory (x_refsource_misc): https://github.com/Duncaen/OpenDoas/releases/tag/v6.8.1
Patch, Third Party Advisory (x_refsource_misc): https://github.com/Duncaen/OpenDoas/commit/d5acd52e2a15c36a8e06f9103d35622933aa422d
Third Party Advisory, vendor-advisory (x_refsource_gentoo): https://security.gentoo.org/glsa/202107-11
Scores
CVSS v3: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
Attack Vector: NETWORK
EPSS: 0.0263 (percentile 83.5%)
Note that the description above states a local precondition (the caller must already hold a doas rule permitting any command), so treat the NETWORK attack vector as the database's assignment rather than as a property of the flaw when prioritizing.
Details
CWE: CWE-909 (Missing Initialization of Resource), CWE-459 (Incomplete Cleanup)
Status: published
Products (1): opendoas_project/opendoas, versions 6.6 - 6.8
Published: Jan 28, 2021
Tracked Since: Feb 18, 2026