High severity8.8NVD Advisory· Published Jan 28, 2021· Updated Jun 17, 2026
CVE-2019-25016
CVE-2019-25016
Description
In OpenDoas from 6.6 to 6.8 the users PATH variable was incorrectly inherited by authenticated executions if the authenticating rule allowed the user to execute any command. Rules that only allowed to authenticated user to execute specific commands were not affected by this issue.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- OpenDoas/OpenDoasdescription
Patches
Vulnerability mechanics
References
5- github.com/Duncaen/OpenDoas/commit/01c658f8c45cb92a343be5f32aa6da70b2032168nvdPatchThird Party Advisory
- github.com/Duncaen/OpenDoas/commit/d5acd52e2a15c36a8e06f9103d35622933aa422dnvdPatchThird Party Advisory
- github.com/Duncaen/OpenDoas/issues/45nvdExploitIssue TrackingThird Party Advisory
- github.com/Duncaen/OpenDoas/releases/tag/v6.8.1nvdRelease NotesThird Party Advisory
- security.gentoo.org/glsa/202107-11nvdThird Party Advisory
News mentions
0No linked articles in our index yet.