
A user-provided Sudo binary can be provided for authentication checks

High
hwittenborn published GHSA-pxg4-7c7r-2ww6 Sep 26, 2022

Package

cargo mist (Rust)

Affected versions

< 0.9.5

Patched versions

0.9.5

Description

Impact

A sudo binary supplied by a user through the PATH environment variable can allow a local user to run arbitrary commands on the user's system with root permissions.
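The lookup problem described above, as an added Rust example (not Mist's code and not its 0.9.5 patch): a PATH-order search returns whichever file named `sudo` comes first, while a lookup restricted to root-controlled locations rejects a user-supplied one. The function names, the trusted directory list and the temp-directory scenario are assumptions of this example.

```rust
use std::env;
use std::ffi::OsStr;
use std::fs;
use std::os::unix::fs::MetadataExt;
use std::path::{Path, PathBuf};

// Assumption of this example: these directories are writable only by root.
static TRUSTED_DIRS: [&str; 4] = ["/usr/bin", "/bin", "/usr/sbin", "/sbin"];

/// Approximates a PATH search: the first directory in `path_var` holding `name` wins.
fn resolve_via_path(name: &str, path_var: &OsStr) -> Option<PathBuf> {
    env::split_paths(path_var)
        .map(|dir| dir.join(name))
        .find(|candidate| candidate.is_file())
}

/// Accept a file only if root owns it and neither group nor others can write to it.
fn is_root_controlled(path: &Path) -> bool {
    match fs::metadata(path) {
        Ok(meta) => meta.is_file() && meta.uid() == 0 && meta.mode() & 0o022 == 0,
        Err(_) => false,
    }
}

/// Hardened lookup: PATH is never consulted, only `dirs` are searched.
fn resolve_trusted(name: &str, dirs: &[&Path]) -> Option<PathBuf> {
    dirs.iter()
        .map(|dir| dir.join(name))
        .find(|candidate| is_root_controlled(candidate))
}

fn main() {
    // Constructed scenario: a user-writable directory placed first in PATH.
    let user_dir = env::temp_dir().join("path_lookup_demo");
    fs::create_dir_all(&user_dir).unwrap();
    fs::write(user_dir.join("sudo"), "#!/bin/sh\n").unwrap();
    let path_var = env::join_paths([user_dir.as_path(), Path::new("/usr/bin")]).unwrap();

    println!("PATH search picks: {:?}", resolve_via_path("sudo", &path_var));
    let trusted: Vec<&Path> = TRUSTED_DIRS.iter().map(|d| Path::new(*d)).collect();
    println!("trusted lookup picks: {:?}", resolve_trusted("sudo", &trusted));
}
```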

Patches

Users should upgrade their version of Mist to version 0.9.5 or later.

Workarounds

No known workarounds exist.

Severity

High

CVE ID

CVE-2022-39245

Weaknesses