### [CVE-2023-22809](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22809)
![](https://img.shields.io/static/v1?label=Product&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=n%2Fa&color=brighgreen)

### Description

In Sudo before 1.9.12p2, the sudoedit (aka -e) feature mishandles extra arguments passed in the user-provided environment variables (SUDO_EDITOR, VISUAL, and EDITOR), allowing a local attacker to append arbitrary entries to the list of files to process. This can lead to privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor may contain a "--" argument that defeats a protection mechanism, e.g., an EDITOR='vim -- /path/to/extra/file' value.

### POC

#### Reference
- http://packetstormsecurity.com/files/171644/sudo-1.9.12p1-Privilege-Escalation.html
- http://packetstormsecurity.com/files/172509/Sudoedit-Extra-Arguments-Privilege-Escalation.html
- http://packetstormsecurity.com/files/174234/Cisco-ThousandEyes-Enterprise-Agent-Virtual-Appliance-Arbitrary-File-Modification.html
- http://seclists.org/fulldisclosure/2023/Aug/21
- http://www.openwall.com/lists/oss-security/2023/01/19/1

#### Github
- https://github.com/0day404/vulnerability-poc
- https://github.com/0xsyr0/OSCP
- https://github.com/3yujw7njai/CVE-2023-22809-sudo-POC
- https://github.com/ARPSyndicate/cvemon
- https://github.com/CKevens/CVE-2023-22809-sudo-POC
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/Chan9Yan9/CVE-2023-22809
- https://github.com/KayCHENvip/vulnerability-poc
- https://github.com/M4fiaB0y/CVE-2023-22809
- https://github.com/SenukDias/OSCP_cheat
- https://github.com/SirElmard/ethical_hacking
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/CVE
- https://github.com/Toothless5143/CVE-2023-22809
- https://github.com/Zeyad-Azima/Remedy4me
- https://github.com/abrahim7112/Vulnerability-checking-program-for-Android
- https://github.com/asepsaepdin/CVE-2021-1732
- https://github.com/asepsaepdin/CVE-2023-22809
- https://github.com/beruangsalju/LocalPrivelegeEscalation
- https://github.com/beruangsalju/LocalPrivilegeEscalation
- https://github.com/d4n-sec/d4n-sec.github.io
- https://github.com/exfilt/CheatSheet
- https://github.com/hello4r1end/patch_CVE-2023-22809
- https://github.com/hktalent/TOP
- https://github.com/k0mi-tg/CVE-POC
- https://github.com/kgwanjala/oscp-cheatsheet
- https://github.com/manas3c/CVE-POC
- https://github.com/n3m1dotsys/CVE-2023-22809-sudoedit-privesc
- https://github.com/n3m1dotsys/n3m1dotsys
- https://github.com/n3m1sys/CVE-2023-22809-sudoedit-privesc
- https://github.com/n3m1sys/n3m1sys
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/oscpname/OSCP_cheat
- https://github.com/parth45/cheatsheet
- https://github.com/pashayogi/CVE-2023-22809
- https://github.com/revanmalang/OSCP
- https://github.com/stefan11111/rdoedit
- https://github.com/txuswashere/OSCP
- https://github.com/whoforget/CVE-POC
- https://github.com/x00tex/hackTheBox
- https://github.com/xhref/OSCP
- https://github.com/youwizard/CVE-POC