Vulnerability details: VCID-5jz4-7pcr-ebdd
Vulnerability ID VCID-5jz4-7pcr-ebdd
Aliases CVE-2019-19232
Summary In Sudo through 1.8.29, an attacker with access to a Runas ALL sudoer account can impersonate a nonexistent user by invoking sudo with a numeric uid that is not associated with any user. NOTE: The software maintainer believes that this is not a vulnerability because running a command via sudo as a user not present in the local password database is an intentional feature. Because this behavior surprised some users, sudo 1.8.30 introduced an option to enable/disable this behavior with the default being disabled. However, this does not change the fact that sudo was behaving as intended, and as documented, in earlier versions.
Status Disputed
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19232.json
epss 0.02143 https://api.first.org/data/v1/epss?cve=CVE-2019-19232
epss 0.04468 https://api.first.org/data/v1/epss?cve=CVE-2019-19232
cvssv3.1 6.7 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2019-19232
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2019-19232
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19232.json
https://access.redhat.com/security/cve/cve-2019-19232
https://api.first.org/data/v1/epss?cve=CVE-2019-19232
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-19232
http://seclists.org/fulldisclosure/2020/Mar/31
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I6TKF36KOQUVJNBHSVJFA7BU3CCEYD2F/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IY6DZ7WMDKU4ZDML6MJLDAPG42B5WVUC/
https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58103
https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58812
https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs58979
https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs76870
https://security.netapp.com/advisory/ntap-20200103-0004/
https://support2.windriver.com/index.php?page=cve&on=view&id=CVE-2019-19232
https://support2.windriver.com/index.php?page=defects&on=view&id=LIN1018-5506
https://support.apple.com/en-gb/HT211100
https://support.apple.com/kb/HT211100
https://www.bsi.bund.de/SharedDocs/Warnmeldungen/DE/CB/2019/12/warnmeldung_cb-k20-0001.html
https://www.oracle.com/security-alerts/bulletinapr2020.html
https://www.sudo.ws/devel.html#1.8.30b2
https://www.sudo.ws/stable.html
https://www.tenable.com/plugins/nessus/133936
1786704 https://bugzilla.redhat.com/show_bug.cgi?id=1786704
947225 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=947225
cpe:2.3:a:sudo:sudo:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:sudo:sudo:*:*:*:*:*:*:*:*
CVE-2019-19232 https://nvd.nist.gov/vuln/detail/CVE-2019-19232
RHSA-2020:1804 https://access.redhat.com/errata/RHSA-2020:1804
No exploits are available.
Vector: CVSS:3.0/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-19232.json
Attack Vector (AV): network
Attack Complexity (AC): high
Privileges Required (PR): low
User Interaction (UI): none
Scope (S): unchanged
Confidentiality Impact (C): high
Integrity Impact (I): high
Availability Impact (A): high

Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV): local
Attack Complexity (AC): low
Privileges Required (PR): high
User Interaction (UI): none
Scope (S): unchanged
Confidentiality Impact (C): high
Integrity Impact (I): high
Availability Impact (A): high

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-19232
Access Vector (AV): network
Access Complexity (AC): low
Authentication (Au): none
Confidentiality Impact (C): none
Integrity Impact (I): partial
Availability Impact (A): none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2019-19232
Attack Vector (AV): network
Attack Complexity (AC): low
Privileges Required (PR): none
User Interaction (UI): none
Scope (S): unchanged
Confidentiality Impact (C): none
Integrity Impact (I): high
Availability Impact (A): none

Exploit Prediction Scoring System (EPSS)
Percentile 0.8356
EPSS Score 0.02143
Published At Sept. 9, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T16:13:00.720367+00:00 NVD CVE Status Improver Improve https://cveawg.mitre.org/api/cve/CVE-2019-19232 37.0.0
2025-07-31T10:06:25.792223+00:00 NVD Importer Import https://nvd.nist.gov/vuln/detail/CVE-2019-19232 37.0.0