Описание
The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 1.6.17-1 |
| cosmic | not-affected | 1.6.17-1 |
| devel | not-affected | 1.6.17-1 |
| disco | not-affected | 1.6.17-1 |
| eoan | not-affected | 1.6.17-1 |
| esm-apps/bionic | not-affected | 1.6.17-1 |
| esm-apps/focal | not-affected | 1.6.17-1 |
| esm-apps/jammy | not-affected | 1.6.17-1 |
| esm-apps/noble | not-affected | 1.6.17-1 |
Показывать по
EPSS
4 Medium
CVSS2
6.5 Medium
CVSS3
Связанные уязвимости
The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID.
The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 a ...
The newEntry function in ptserver/ptprocs.c in OpenAFS before 1.6.17 allows remote authenticated users from foreign Kerberos realms to bypass intended access restrictions and create arbitrary groups as administrators by leveraging mishandling of the creator ID.
EPSS
4 Medium
CVSS2
6.5 Medium
CVSS3