2365647 – (CVE-2025-46718) CVE-2025-46718 sudo-rs: sudo-rs: Privilege Enumeration Vulnerability

Bug 2365647 (CVE-2025-46718) - CVE-2025-46718 sudo-rs: sudo-rs: Privilege Enumeration Vulnerability

Summary: CVE-2025-46718 sudo-rs: sudo-rs: Privilege Enumeration Vulnerability

Keywords:
Status:	NEW
Alias:	CVE-2025-46718
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	low
Severity:	low
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	2365808 2365809 2365810
Blocks:
TreeView+	depends on / blocked

Reported:	2025-05-12 15:01 UTC by OSIDB Bzimport
Modified:	2025-05-13 19:05 UTC (History)
CC List:	0 users
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2025-05-12 15:01:16 UTC

sudo-rs is a memory safe implementation of sudo and su written in Rust. Prior to version 0.2.6, users with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the `-U` flag. This vulnerability allows users with limited sudo privileges to enumerate the sudoers file, revealing sensitive information about other users' permissions. Attackers can collect information that can be used to more targeted attacks. Systems where users either do not have sudo privileges or have the ability to run all commands as root through sudo (the default configuration on most systems) are not affected by this advisory. Version 0.2.6 fixes the vulnerability.

Note You need to log in before you can comment on or make changes to this bug.