One vulnerability in Threat Intelligence Exchange Server has been discovered and resolved.
Affected software
The vulnerability affects the following versions of Threat Intelligence Exchange Server:
- 4.0.0 and earlier
Remediated/updated versions
The vulnerability is remediated in this version:
- 4.0.0 HF 2
Impact
- CVE-2023-22809 (CVSS: 7.8; Severity: High) sudo: arbitrary file write with privileges. In Sudo before 1.9.12p2, the sudoedit feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation.
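As an added example (not vendor code, and not part of the original advisory), the shell functions below classify a sudo version string against the 1.9.12p2 boundary quoted above. The function names are illustrative, and the script assumes the first line of `sudo -V` reads "Sudo version X". Vendor builds can carry a backported fix under an older version number, so the installed hotfix level remains the authoritative check.

```shell
#!/bin/sh
# Added example: classify a sudo version against the CVE-2023-22809 boundary.
FIXED_VERSION="1.9.12p2"

# Print "major minor patch plevel" for strings such as 1.8.31 or 1.9.12p2.
# Returns 2 for anything else (beta/rc builds, vendor suffixes, empty input).
sudo_version_fields() {
    local v="$1" base plevel=0 f old_ifs
    case "$v" in ''|*[!0-9.p]*) return 2 ;; esac
    base="${v%%p*}"                               # part before the first "p"
    [ "$base" != "$v" ] && plevel="${v#*p}"       # part after it, if present
    old_ifs=$IFS; IFS=.; set -- $base; IFS=$old_ifs
    [ $# -ge 1 ] && [ $# -le 3 ] || return 2
    for f in "$@" "$plevel"; do
        case "$f" in ''|*[!0-9]*) return 2 ;; esac
    done
    echo "$1 ${2:-0} ${3:-0} $plevel"
}

# Exit status 0 if $1 is older than $2, 1 if it is not, 2 if unparsable.
sudo_version_lt() {
    local a b pair
    a=$(sudo_version_fields "$1") || return 2
    b=$(sudo_version_fields "$2") || return 2
    set -- $a $b                   # $1..$4 = first version, $5..$8 = second
    for pair in "$1:$5" "$2:$6" "$3:$7" "$4:$8"; do
        [ "${pair%:*}" -lt "${pair#*:}" ] && return 0
        [ "${pair%:*}" -gt "${pair#*:}" ] && return 1
    done
    return 1                       # equal versions are not "older"
}

# Print affected / not-affected / unknown for a version string.
classify_sudo_version() {
    local rc=0
    sudo_version_lt "$1" "$FIXED_VERSION" || rc=$?
    case $rc in
        0) echo "affected" ;;
        1) echo "not-affected" ;;
        *) echo "unknown" ;;
    esac
}

# Assumption: the first line of `sudo -V` is "Sudo version X".
installed_sudo_version() {
    sudo -V 2>/dev/null | sed -n '1s/^Sudo version //p'
}

installed=$(installed_sudo_version)
echo "sudo ${installed:-<not found>}: $(classify_sudo_version "$installed")"
```

A result of "unknown" means the version string carries a suffix the parser does not recognise and should be checked by hand.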
Recommendation
Verify that you have applied the latest updates. Impacted users should install the relevant updates or hotfixes. For full instructions and information, see Knowledge Base article SB10401:
Also included in these releases
For a full list of changes, see the Release Notes: