Описание
An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future.
A flaw was found in usbguard. The vulnerability occurs due to the No default access control list(ACL) on some D-Bus methods and leads to unauthorized access. This flaw allows an attacker to access and escape policy configuration.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 7 | usbguard | Out of support scope | ||
| Red Hat Enterprise Linux 8 | usbguard | Fixed | RHSA-2023:0087 | 12.01.2023 |
| Red Hat Enterprise Linux 8.4 Extended Update Support | usbguard | Fixed | RHSA-2022:8679 | 29.11.2022 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | usbguard | Fixed | RHSA-2022:8806 | 06.12.2022 |
| Red Hat Enterprise Linux 9 | usbguard | Fixed | RHSA-2023:0303 | 23.01.2023 |
| Red Hat Enterprise Linux 9.0 Extended Update Support | usbguard | Fixed | RHSA-2022:8971 | 13.12.2022 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.8 High
CVSS3
Связанные уязвимости
An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future.
An issue was discovered in USBGuard before 1.1.0. On systems with the usbguard-dbus daemon running, an unprivileged user could make USBGuard allow all USB devices to be connected in the future.
An issue was discovered in USBGuard before 1.1.0. On systems with the ...
EPSS
7.8 High
CVSS3