2365650 – (CVE-2025-46717) CVE-2025-46717 sudo-rs: sudo-rs: File Existence Information Disclosure

Bug 2365650 (CVE-2025-46717) - CVE-2025-46717 sudo-rs: sudo-rs: File Existence Information Disclosure

Summary: CVE-2025-46717 sudo-rs: sudo-rs: File Existence Information Disclosure

Keywords:
Status:	NEW
Alias:	CVE-2025-46717
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2365918 2365919 2365920
Blocks:
TreeView+	depends on / blocked

Reported:	2025-05-12 15:01 UTC by OSIDB Bzimport
Modified:	2025-05-13 22:10 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-05-12 15:01:27 UTC

sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with no (or very limited) sudo privileges can determine whether files exists in folders that they otherwise cannot access using `sudo --list <pathname>`. Users with local access to a machine can discover the existence/non-existence of certain files, revealing potentially sensitive information in the file names. This information can also be used in conjunction with other attacks. Version 0.2.6 fixes the vulnerability.

Note You need to log in before you can comment on or make changes to this bug.