CVE-2024-9312 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-9312 PUBLISHED CVSS 7.5 HIGH

Authd allows attacker-controlled usernames to yield controllable UIDs

EPSS 0.05% · 15.9th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Score

0.05%

15.9th percentile

Affected Products

Vendor	Product	Versions
Canonical Ltd.	Authd	0, 0
ubuntu	authd	0, 0
canonical	authd	0, 0
github.com	ubuntu/authd	0, 0

Timeline

Oct 10, 2024 CVE Published
Oct 10, 2024 PoC Published
Oct 11, 2024 EPSS Score
Oct 14, 2024 Coalition ESS Score
Oct 16, 2024 Coalition ESS Score
Oct 29, 2024 EPSS Score
Nov 16, 2024 EPSS Score
Dec 6, 2024 EPSS Score
Dec 24, 2024 EPSS Score
Jan 11, 2025 EPSS Score
Jan 29, 2025 EPSS Score
Feb 5, 2025 Coalition ESS Score

References

Open in Interactive Console →