Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.5
CVE-2025-5689
- EPSS 0.02%
- Veröffentlicht 16.06.2025 11:37:12
- Zuletzt bearbeitet 26.08.2025 16:04:34
A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session.
6.4
CVE-2024-9312
- EPSS 0.03%
- Veröffentlicht 10.10.2024 14:15:05
- Zuletzt bearbeitet 26.08.2025 17:43:11
Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges.
8.8
CVE-2024-9313
- EPSS 0.51%
- Veröffentlicht 03.10.2024 11:15:13
- Zuletzt bearbeitet 26.08.2025 17:44:31
Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them.
1