CVE-2024-9313 — Vulnetix

Try Vulnetix Request Demo

CVE-2024-9313 PUBLISHED CVSS 8.800000190734863 HIGH

Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them.

EPSS 0.48% · 65.1th percentile

Risk Scores

CVSS v3.1

8.800000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.48%

65.1th percentile

Affected Products

Vendor	Product	Versions
github.com	ubuntu/authd	0, 0.1.0, 0
canonical	authd	0, 0
Canonical Ltd.	Authd	0, 0

Timeline

Oct 3, 2024 CVE Published
Oct 3, 2024 PoC Published
Oct 4, 2024 EPSS Score
Oct 4, 2024 PoC Published
Oct 4, 2024 PoC Published
Oct 4, 2024 PoC Published
Oct 5, 2024 Coalition ESS Score
Oct 5, 2024 PoC Published
Oct 16, 2024 Coalition ESS Score
Oct 22, 2024 EPSS Score
Nov 10, 2024 EPSS Score
Nov 28, 2024 EPSS Score

References

Open in Interactive Console →