CVE-2015-8239
7.0
HIGH
CVSS 3.1
EPSS 0.88%
Description
The SHA-2 digest support in the sudoers plugin in sudo after 1.8.7 allows local users with write permissions to parts of the called command to replace them before it is executed.
How to fix CVE-2015-8239
To remediate CVE-2015-8239, upgrade the affected package to a fixed version below.
- Debian/sudo—upgrade to 1.8.17p1-1 or later
Is CVE-2015-8239 being exploited?
Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.8.17p1-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.0 | CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |