sudo-rs Allows Low Privilege Users to Enumerate Privileges of Others
Users with limited sudo privileges (e.g. execution of a single command) can list sudo privileges of other users using the -U flag. This doesn't happen with the original sudo.
Users with no (or very limited) sudo privileges can use sudo --list <pathname> to determine whether files exist in folders that they otherwise cannot access.
An issue was discovered where usernames containing the . and / characters could result in the corruption of specific files on the filesystem. As usernames are generally not limited by the characters they can contain, a username appearing to be a relative path can be constructed. For example, we could add a user to the system with the username ../../../../bin/cp. When logged in as a user with that name, that …
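One way to guard against the username-as-path problem described above, shown as an added example that is not sudo-rs code. The base directory and the names per_user_file, per_uid_file and NameError are hypothetical; the page does not say which files are affected.

```rust
use std::ffi::OsStr;
use std::path::{Component, Path, PathBuf};

/// Why a username was refused as a file name.
#[derive(Debug, PartialEq)]
pub enum NameError {
    Empty,
    NotSingleComponent,
}

/// Returns `<base>/<username>` only when the username is exactly one normal
/// path component, so the result cannot leave `base`.
/// `base` is a hypothetical per-user state directory (assumption).
pub fn per_user_file(base: &Path, username: &str) -> Result<PathBuf, NameError> {
    if username.is_empty() {
        return Err(NameError::Empty);
    }
    let mut parts = Path::new(username).components();
    match (parts.next(), parts.next()) {
        // Comparing with the raw string also rejects "alice/" and "alice/.",
        // which `components()` would silently normalise to "alice".
        (Some(Component::Normal(c)), None) if c == OsStr::new(username) => Ok(base.join(c)),
        _ => Err(NameError::NotSingleComponent),
    }
}

/// Alternative design: key the file on the numeric uid, which can never
/// contain '.' or '/'.
pub fn per_uid_file(base: &Path, uid: u32) -> PathBuf {
    base.join(uid.to_string())
}

fn main() {
    let base = Path::new("/run/example-state"); // constructed path
    // Constructed sample names; the traversal one is the page's own example.
    for name in ["alice", "a.b", "../../../../bin/cp", "/etc/passwd", "alice/", ".."] {
        println!("{name:?} -> {:?}", per_user_file(base, name));
    }
    println!("uid 1000 -> {:?}", per_uid_file(base, 1000));
}
```

Names with a dot inside a single component, such as a.b, are still accepted; only separators and the special components . and .. are refused.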