CVE-2024-10394
CVSS V2 None
CVSS V3 None
Description
A local user can bypass the OpenAFS PAG (Process Authentication Group)
throttling mechanism in Unix clients, allowing the user to create a PAG using
an existing id number, effectively joining the PAG and letting the user steal
the credentials in that PAG.
Overview
- CVE ID
- CVE-2024-10394
- Assigner
- fedora
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-11-14T19:07:50.492Z
- Last Modified Date
- 2024-11-14T19:07:50.492Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://openafs.org/pages/security/OPENAFS-SA-2024-001.txt |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-10394 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-10394 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-11-15 13:18:53 | Added to TrackCVE |