Описание
Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges.
Ссылки
- ExploitMitigationVendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 0.3.6 (исключая)
cpe:2.3:a:canonical:authd:*:*:*:*:*:*:*:*
EPSS
Процентиль: 15%
0.00049
Низкий
7.5 High
CVSS3
6.4 Medium
CVSS3
Дефекты
CWE-286
CWE-335
Связанные уязвимости
CVSS3: 7.5
ubuntu
больше 1 года назад
Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges.
CVSS3: 7.5
github
больше 1 года назад
Authd allows attacker-controlled usernames to yield controllable UIDs
EPSS
Процентиль: 15%
0.00049
Низкий
7.5 High
CVSS3
6.4 Medium
CVSS3
Дефекты
CWE-286
CWE-335