Vulnerability Details CVE-2023-28339
OpenDoas through 6.8.2, when TIOCSTI is available, allows privilege escalation because of sharing a terminal with the original session. NOTE: TIOCSTI is unavailable in OpenBSD 6.0 and later, and can be made unavailable in the Linux kernel 6.2 and later.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 27.2%
CVSS Severity
CVSS v3 Score 8.8
Products affected by CVE-2023-28339
- cpe:2.3:a:opendoas_project:opendoas:-
- cpe:2.3:a:opendoas_project:opendoas:0.1
- cpe:2.3:a:opendoas_project:opendoas:0.2
- cpe:2.3:a:opendoas_project:opendoas:0.3
- cpe:2.3:a:opendoas_project:opendoas:0.3.1
- cpe:2.3:a:opendoas_project:opendoas:0.3.2
- cpe:2.3:a:opendoas_project:opendoas:6.0
- cpe:2.3:a:opendoas_project:opendoas:6.6
- cpe:2.3:a:opendoas_project:opendoas:6.6.1
- cpe:2.3:a:opendoas_project:opendoas:6.8
- cpe:2.3:a:opendoas_project:opendoas:6.8.1
- cpe:2.3:a:opendoas_project:opendoas:6.8.2