CVE-2024-9313
published 2024-10-03CVE-2024-9313: Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation…
high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | authd | < 0.3.5 | 0.3.5 |
| canonical_ltd | authd | < 0.3.5 | 0.3.5 |
| github.com | ubuntu_authd | >= 0 < 0.0.0-20240930103526-63e527496b01 | 0.0.0-20240930103526-63e527496b01 |
| github.com | ubuntu_authd | >= 0 < 0.3.5 | 0.3.5 |
| github.com | ubuntu_authd | >= 0.1.0 < 0.3.5 | 0.3.5 |