Описание
An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected. This vulnerability affects Mozilla VPN 2.16.1 < (Linux).
Ссылки
- ExploitIssue Tracking
- Issue TrackingPatch
- Issue TrackingPatch
- Issue Tracking
- Vendor Advisory
- ExploitMailing ListThird Party Advisory
- ExploitIssue Tracking
- Issue TrackingPatch
- Issue TrackingPatch
- Issue Tracking
- Vendor Advisory
- ExploitMailing ListThird Party Advisory
Уязвимые конфигурации
EPSS
5.5 Medium
CVSS3
Дефекты
Связанные уязвимости
An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. *This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN 2.16.1 < (Linux).
An invalid Polkit Authentication check and missing authentication requ ...
An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. *This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN client for Linux < v2.16.1.
Уязвимость клиента сетевого программного обеспечения Mozilla VPN, связанная с недостатками процедуры аутентификации, позволяющая нарушителю обойти существующие ограничения безопасности и задать произвольные настройки VPN
EPSS
5.5 Medium
CVSS3