{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-1326","assignerOrgId":"cc1ad9ee-3454-478d-9317-d3e869d708bc","state":"PUBLISHED","assignerShortName":"canonical","dateReserved":"2023-03-10T16:17:04.430Z","datePublished":"2023-04-13T22:35:19.704Z","dateUpdated":"2025-02-07T15:54:48.365Z"},"containers":{"cna":{"affected":[{"collectionURL":"https://github.com/canonical/apport/tags","packageName":"apport","platforms":["Linux"],"product":"Apport","repo":"https://github.com/canonical/apport/","vendor":"Canonical Ltd.","versions":[{"lessThanOrEqual":"2.26.0","status":"affected","version":"0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"Chen Lu"},{"lang":"en","type":"finder","value":"Lei Wang"},{"lang":"en","type":"finder","value":"YiQi Sun"}],"datePublic":"2023-04-13T12:33:00.000Z","descriptions":[{"lang":"en","value":"A privilege escalation attack was found in apport-cli 2.26.0 and earlier which is similar to CVE-2023-26604. If a system is specially configured to allow unprivileged users to run sudo apport-cli, less is configured as the pager, and the terminal size can be set: a local attacker can escalate privilege. It is extremely unlikely that a system administrator would configure sudo to allow unprivileged users to perform this class of exploit."}],"impacts":[{"capecId":"CAPEC-233","descriptions":[{"lang":"en","value":"CAPEC-233"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"LOCAL","availabilityImpact":"HIGH","baseScore":7.7,"baseSeverity":"HIGH","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"HIGH","scope":"CHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H","version":"3.1"},"format":"CVSS"}],"problemTypes":[{"descriptions":[{"cweId":"CWE-269","description":"CWE-269","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"cc1ad9ee-3454-478d-9317-d3e869d708bc","shortName":"canonical","dateUpdated":"2023-04-18T14:55:54.874Z"},"references":[{"tags":["patch"],"url":"https://github.com/canonical/apport/commit/e5f78cc89f1f5888b6a56b785dddcb0364c48ecb"},{"url":"https://ubuntu.com/security/notices/USN-6018-1","tags":["vendor-advisory"]}],"title":"local privilege escalation in apport-cli"},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T05:40:59.987Z"},"title":"CVE Program Container","references":[{"tags":["patch","x_transferred"],"url":"https://github.com/canonical/apport/commit/e5f78cc89f1f5888b6a56b785dddcb0364c48ecb"},{"url":"https://ubuntu.com/security/notices/USN-6018-1","tags":["vendor-advisory","x_transferred"]}]},{"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-02-07T15:54:40.471465Z","id":"CVE-2023-1326","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-02-07T15:54:48.365Z"}}]}}