exploitDog

CVE-2021-3560

Published: 16 Feb 2022
Source: nvd
CVSS3: 7.8
CVSS2: 7.2
EPSS: Low

Description

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Vulnerable configurations

Configuration 1
cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*
Versions before 0.119 (exclusive)
Configuration 2
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Configuration 3
cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:*:*:*:*
Configuration 4

All of

One of

cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Configuration 5

All of

cpe:2.3:a:redhat:openshift_container_platform:4.7:*:*:*:*:*:*:*

One of

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

EPSS

Percentile: 89%
0.04535
Low

7.8 High

CVSS3

7.2 High

CVSS2

Weaknesses

CWE-863
CWE-754

Related vulnerabilities

CVSS3: 7.8
ubuntu
more than 3 years ago

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS3: 7.8
redhat
about 4 years ago

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS3: 7.8
debian
more than 3 years ago

It was found that polkit could be tricked into bypassing the credentia ...

suse-cvrf
almost 4 years ago

Security update for polkit

suse-cvrf
about 4 years ago

Security update for polkit
