CVE-2024-9312
PUBLISHED
CVSS 7.5 HIGH
Authd allows attacker-controlled usernames to yield controllable UIDs
EPSS 0.05% · 16.4th percentile
Risk Scores
- CVSS 3.1: 7.5 (CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H)
- EPSS Score: 0.05% (16.4th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Canonical Ltd. | Authd | 0, 0 |
| ubuntu | authd | 0, 0 |
| canonical | authd | 0, 0 |
| github.com | ubuntu/authd | 0, 0 |
Exploit Intelligence
- https://github.com/ubuntu/authd/security/advisories/GHSA-4gfw-wf7c-w6g2 (nist-nvd)
- CIRCL seen: CVE-2024-9312 (circl-sighting)
- https://www.cve.org/CVERecord?id=CVE-2024-9312 (circl)
Timeline
- Oct 10, 2024 CVE Published
- Oct 10, 2024 PoC Published
- Oct 11, 2024 EPSS Score
- Oct 14, 2024 Coalition ESS Score
- Oct 16, 2024 Coalition ESS Score
- Oct 30, 2024 EPSS Score
- Nov 18, 2024 EPSS Score
- Dec 7, 2024 EPSS Score
- Dec 26, 2024 EPSS Score
- Jan 14, 2025 EPSS Score
- Feb 2, 2025 EPSS Score
- Feb 5, 2025 Coalition ESS Score