Description
USBView 2.1 before 2.2 allows some local users (e.g., ones logged in via SSH) to execute arbitrary code as root because certain Polkit settings (e.g., allow_any=yes) for pkexec disable the authentication requirement. Code execution can, for example, use the --gtk-module option. This affects Ubuntu, Debian, and Gentoo.
| Release | Status | Note |
|---|---|---|
| bionic | released | 2.0-21-g6fe2f4f-1ubuntu1.1 |
| devel | not-affected | 3.0-3 |
| esm-apps/bionic | released | 2.0-21-g6fe2f4f-1ubuntu1.1 |
| esm-apps/focal | released | 2.0-21-g6fe2f4f-2ubuntu0.20.04.1 |
| esm-apps/jammy | released | 2.0-21-g6fe2f4f-2ubuntu1 |
| esm-apps/xenial | not-affected | 2.0-3 |
| focal | released | 2.0-21-g6fe2f4f-2ubuntu0.20.04.1 |
| hirsute | ignored | end of life |
| impish | released | 2.0-21-g6fe2f4f-2ubuntu0.21.10.3 |
| jammy | released | 2.0-21-g6fe2f4f-2ubuntu1 |
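The description attributes the issue to Polkit defaults such as allow_any=yes on a pkexec action. The following added example (not code from USBView or from this advisory) audits `.policy` files for pkexec actions whose defaults are set to `yes`. The sample policy and its action ids are constructed, and checking `allow_inactive` and `allow_active` alongside `allow_any` is an assumption that goes beyond the one setting the description names.

```python
import glob
import xml.etree.ElementTree as ET

# Annotation polkit uses to bind an action to a program launched through pkexec.
EXEC_PATH_KEY = "org.freedesktop.policykit.exec.path"
DEFAULT_TAGS = ("allow_any", "allow_inactive", "allow_active")

# Constructed sample (not the policy file shipped by USBView): one action that
# skips authentication for every session type, one that requires an admin.
SAMPLE_POLICY = """<policyconfig>
  <action id="org.example.pkexec.usbview-weak">
    <defaults><allow_any>yes</allow_any><allow_inactive>yes</allow_inactive>
      <allow_active>yes</allow_active></defaults>
    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/usbview</annotate>
  </action>
  <action id="org.example.pkexec.usbview-hardened">
    <defaults><allow_any>auth_admin</allow_any><allow_inactive>auth_admin</allow_inactive>
      <allow_active>auth_admin</allow_active></defaults>
    <annotate key="org.freedesktop.policykit.exec.path">/usr/bin/usbview</annotate>
  </action>
</policyconfig>"""

def find_unauthenticated_pkexec_actions(root):
    """Return (action id, program, ['tag=yes', ...]) for pkexec actions with 'yes' defaults."""
    findings = []
    for action in root.iter("action"):
        program = next((a.text or "" for a in action.findall("annotate")
                        if a.get("key") == EXEC_PATH_KEY), None)
        if program is None:
            continue  # action does not launch a program via pkexec
        weak = [f"{tag}=yes" for tag in DEFAULT_TAGS
                if (action.findtext(f"defaults/{tag}") or "").strip() == "yes"]
        if weak:
            findings.append((action.get("id"), program.strip(), weak))
    return findings

def scan_directory(pattern="/usr/share/polkit-1/actions/*.policy"):
    """Audit every installed policy file; unreadable or malformed files are skipped."""
    results = []
    for path in sorted(glob.glob(pattern)):
        try:
            root = ET.parse(path).getroot()
        except (ET.ParseError, OSError):
            continue
        results += [(path, *f) for f in find_unauthenticated_pkexec_actions(root)]
    return results

if __name__ == "__main__":
    for finding in find_unauthenticated_pkexec_actions(ET.fromstring(SAMPLE_POLICY)):
        print("sample:", finding)
    for finding in scan_directory():
        print("installed:", finding)
```

A finding with `allow_any=yes` means sessions that are not local and active, such as the SSH logins the description mentions, can run the listed program as root without authenticating.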
CVSS2: 7.2 High
CVSS3: 7.8 High