CVE-2026-6970
- EPSS 0.02%
- Published 27.04.2026 15:28:48
- Last modified 27.04.2026 18:35:53
authd prior to version 0.6.4 contains a logic error in primary group ID assignment that can lead to local privilege escalation. When a user's primary group ID (GID) differs from their UID, either because the account was created with authd prior to ve...
CVE-2025-5689
- EPSS 0.08%
- Published 16.06.2025 11:37:12
- Last modified 26.08.2025 16:04:34
A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user logging in for the first time will be considered to be part of the root group in the context of that SSH session.
CVE-2024-9312
- EPSS 0.05%
- Published 10.10.2024 14:15:05
- Last modified 26.08.2025 17:43:11
Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges.
CVE-2024-9313
- EPSS 0.48%
- Published 03.10.2024 11:15:13
- Last modified 26.08.2025 17:44:31
Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them.