Описание
An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected. This vulnerability affects Mozilla VPN client for Linux < v2.16.1.
An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected. This vulnerability affects Mozilla VPN client for Linux < v2.16.1.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2023-4104
- https://github.com/mozilla-mobile/mozilla-vpn-client/pull/7055
- https://github.com/mozilla-mobile/mozilla-vpn-client/pull/7110
- https://github.com/mozilla-mobile/mozilla-vpn-client/pull/7151
- https://bugzilla.mozilla.org/show_bug.cgi?id=1831318
- https://www.mozilla.org/security/advisories/mfsa2023-39
- https://www.openwall.com/lists/oss-security/2023/08/03/1
Связанные уязвимости
An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. *This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN 2.16.1 < (Linux).
An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. *This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN 2.16.1 < (Linux).
An invalid Polkit Authentication check and missing authentication requ ...
Уязвимость клиента сетевого программного обеспечения Mozilla VPN, связанная с недостатками процедуры аутентификации, позволяющая нарушителю обойти существующие ограничения безопасности и задать произвольные настройки VPN