CVE-2024-9312
published 2024-10-10CVE-2024-9312: Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another…
medium6.4CVSS 3.1
AVLACHPRHUINSUCHIHAH
Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | authd | < 0.3.6 | 0.3.6 |
| canonical_ltd | authd | < 0.3.6 | 0.3.6 |
| github.com | ubuntu_authd | >= 0 < 0.3.6 | 0.3.6 |
| github.com | ubuntu_authd | 0 – 0.0.0-20230706090440-d8cb2d561419 | — |