Home > Vulnerability Database > CVE-2019-25016

Mend.io Vulnerability Database

CVE-2019-25016

Good to know:

Date: January 28, 2021

In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed to authenticated user to execute specific commands were not affected by this issue.

Language: C

Severity Score

8.8

Related Resources (8)

Url: https://nvd.nist.gov/vuln/detail/CVE-2019-25016

Url: https://security.gentoo.org/glsa/202107-11

Url: https://security.alpinelinux.org/vuln/CVE-2019-25016

Url: https://github.com/Duncaen/OpenDoas/releases/tag/v6.8.1

Url: https://github.com/Duncaen/OpenDoas/commit/d5acd52e2a15c36a8e06f9103d35622933aa422d

Url: https://github.com/Duncaen/OpenDoas/issues/45

Url: https://github.com/Duncaen/OpenDoas/commit/01c658f8c45cb92a343be5f32aa6da70b2032168

Url: https://www.mend.io/vulnerability-database/CVE-2019-25016

Severity Score

8.8

Weakness Type (CWE)

Incomplete Cleanup

CWE-459

Missing Initialization of Resource

CWE-909

Incorrect Permission Assignment for Critical Resource

CWE-732

Top Fix

Upgrade Version

Upgrade to version v6.8.1

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

CVSS v2

Base Score:	6.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	SINGLE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2019-25016

Good to know:

Date: January 28, 2021

Language: C

Severity Score

Related Resources (8)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?