High
Exploiting the bug requires that the user have sudo privileges that allow them to run commands with an arbitrary user ID. Typically, this means that the user’s sudoers entry has the special value ALL in the Runas specifier.
Security bypass
Sudo
Sudo versions prior to 1.8.28 are affected
The bug is fixed in sudo 1.8.28