CVE-2022-29527
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-29527
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-29527.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2022-29527
- Downstream
- Related
- Published
- 2022-04-20T10:15:08.073Z
- Modified
- 2025-11-14T13:14:24.775287Z
- Severity
-
- 7.0 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Amazon AWS amazon-ssm-agent before 3.1.1208.0 creates a world-writable sudoers file, which allows local attackers to inject Sudo rules and escalate privileges to root. This occurs in certain situations involving a race condition.
- References
Affected packages
Git / github.com/aws/amazon-ssm-agent
Affected ranges
- Type
- GIT
- Repo
- https://github.com/aws/amazon-ssm-agent
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed
Affected versions
2.*
2.0.599.0
2.0.672.0
2.0.755.0
2.0.767.0
2.0.790.0
2.0.796.0
2.0.805.0
2.2.257.0
2.2.325.0
2.2.355.0
2.2.392.0
2.2.493.0
2.2.546.0
2.2.607.0
2.2.619.0
2.2.800.0
2.3.117.0
2.3.136.0
2.3.193.0
2.3.50.0
2.3.68.0
3.*
3.0.1031.0
3.0.1124.0
3.0.1181.0
3.0.1209.0
3.0.1295.0
3.0.1390.0
3.0.222.0
3.0.502.0
3.0.529.0
3.0.603.0
3.0.655.0
3.0.732.0
3.0.755.0
3.0.854.0
3.0.882.0
3.1.1004.0
3.1.1045.0
3.1.1080.0
3.1.1141.0
3.1.1188.0
3.1.127.0
3.1.192.0
3.1.282.0
3.1.338.0
3.1.426.0
3.1.459.0
3.1.501.0
3.1.630.0
3.1.634.0
3.1.715.0
3.1.804.0
3.1.821.0
3.1.90.0
3.1.941.0
v1.*
v1.1.145.0
v1.1.146.0
v1.2.252.0
v1.2.290.0
v2.*
v2.0.633.0
v2.0.755.0