PT-2020-1558 · Apache+1

Published: 2020-01-06 · Updated: 2023-01-31 · CVE-2019-19585

CVSS v3.1: 7.8 High

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

rConfig version 3.9.3

Description

An issue in rConfig allows an attacker to bypass local security restrictions due to insecure privilege management in the /etc/sudoers file. This occurs after an update to the rConfig specific Apache configuration, granting Apache high privileges for certain binaries.

Recommendations

For rConfig version 3.9.3, consider restricting the privileges granted to Apache for specific binaries until a patch is available. As a temporary workaround, review and adjust the /etc/sudoers file to ensure that Apache's privileges are limited to necessary tasks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
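
One way to carry out the sudoers review recommended above, as an added example that is not the advisory's or rConfig's own code: it lists every rule granted to the web-server account and flags passwordless, root-level and unrestricted-argument grants. The account name `apache`, the function name `audit_sudoers` and the sample rules (placeholder binaries) are assumptions constructed for illustration.

```python
import re

# Constructed sample; the binaries are placeholders, not rConfig's real entries.
SAMPLE = r"""
# constructed sudoers fragment
root    ALL=(ALL)  ALL
apache  ALL=(ALL)  NOPASSWD: /usr/local/bin/example-a, \
                   /usr/local/bin/example-b --status
apache  ALL=(root) /usr/local/bin/example-c ""
"""

RULE = re.compile(r"^(\S+)\s+\S+\s*=\s*(?:\(([^)]*)\)\s*)?(.*)$")
TAG = re.compile(r"^([A-Z_]+):\s*")

def audit_sudoers(text, account="apache"):
    """Return (command, [issues]) for every rule granted to `account`.
    Aliases and #include/#includedir files are not resolved here."""
    findings = []
    # Join backslash-continued lines, then skip blanks and comments.
    for line in re.sub(r"\\\n\s*", " ", text).splitlines():
        line = line.strip()
        m = RULE.match(line)
        if not line or line.startswith("#") or not m or m.group(1) != account:
            continue
        runas = (m.group(2) or "root").split(":")[0]  # no Runas_Spec means root
        nopasswd = False
        for cmd in (c.strip() for c in m.group(3).split(",")):
            # Tags such as NOPASSWD: carry over to the commands after them.
            while (t := TAG.match(cmd)):
                nopasswd = {"NOPASSWD": True, "PASSWD": False}.get(t.group(1), nopasswd)
                cmd = cmd[t.end():]
            issues = []
            if nopasswd:
                issues.append("no password required")
            if {"root", "ALL"} & {u.strip() for u in runas.split(",")}:
                issues.append("runs as root")
            if cmd == "ALL":
                issues.append("any command allowed")
            elif len(cmd.split()) == 1:  # bare path: sudo accepts any arguments
                issues.append("any arguments allowed")
            findings.append((cmd, issues))
    return findings

if __name__ == "__main__":
    for cmd, issues in audit_sudoers(SAMPLE):
        print(f"{cmd}: {', '.join(issues) or 'ok'}")
```

On a live host, feed it the contents of /etc/sudoers and any files under /etc/sudoers.d, and make changes only through `visudo` so a syntax error cannot lock out sudo.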

Exploit

Weakness Enumeration

Improper Privilege Management

Related Identifiers

BDU:2020-00557
CVE-2019-19585

Affected Products

Apache
Rconfig