CVE-2024-9312

Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 0.8 / Impact : 6.0

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://github.com/ubuntu/authd/security/advisories/GHSA-4gfw-wf7c-w6g2
https://www.cve.org/CVERecord?id=CVE-2024-9312

Configurations

No configuration.

History

No history.

Information

Published : 2024-10-10 14:15

Updated : 2024-10-15 12:58

NVD link : CVE-2024-9312

Mitre link : CVE-2024-9312

CVE.ORG link : CVE-2024-9312

JSON object : View

Products Affected

No product.

CWE

CWE-286

Incorrect User Management

7.5 /10