CVE-2024-9312

Опубликовано: 10 окт. 2024

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS3: 7.5

Описание

Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges.

Ссылки на источники

EPSS

Процентиль: 15%

0.00049

Низкий

7.5 High

CVSS3

Связанные уязвимости

CVE-2024-9312

CVSS3: 7.5

nvd

больше 1 года назад

Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges.

GHSA-4gfw-wf7c-w6g2

CVSS3: 7.5

github

больше 1 года назад

Authd allows attacker-controlled usernames to yield controllable UIDs

SUSE-SU-2025:0429-1

suse-cvrf

12 месяцев назад

Security update for govulncheck-vulndb

SUSE-SU-2024:3911-1

suse-cvrf

больше 1 года назад

Security update for govulncheck-vulndb

EPSS

Процентиль: 15%

0.00049

Низкий

7.5 High

CVSS3