Описание
In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | released | 1:1.3.9-1ubuntu0.18.04.3 |
| devel | released | 1:2.2.4-0.2 |
| esm-infra-legacy/trusty | not-affected | |
| esm-infra/bionic | not-affected | 1:1.3.9-1ubuntu0.18.04.3 |
| esm-infra/focal | not-affected | 1:2.0.19-2ubuntu0.1 |
| esm-infra/xenial | not-affected | |
| focal | released | 1:2.0.19-2ubuntu0.1 |
| hirsute | released | 1:2.1.5-0.2ubuntu0.1 |
| impish | released | 1:2.1.5-0.2ubuntu1.1 |
| jammy | released | 1:2.2.4-0.2 |
Показывать по
EPSS
5.5 Medium
CVSS2
5.4 Medium
CVSS3
Связанные уязвимости
In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property
In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property
In Keepalived through 2.2.4, the D-Bus policy does not sufficiently re ...
EPSS
5.5 Medium
CVSS2
5.4 Medium
CVSS3