CVE-2024-9312
CVSS V2 None
CVSS V3 None
Description
Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges.
Overview
- CVE ID
- CVE-2024-9312
- Assigner
- canonical
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-10-10T13:42:31.950Z
- Last Modified Date
- 2024-10-10T14:55:40.228Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/ubuntu/authd/security/advisories/GHSA-4gfw-wf7c-w6g2 | issue-tracking |
| https://www.cve.org/CVERecord?id=CVE-2024-9312 | issue-tracking |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-9312 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-9312 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-10-11 13:35:57 | Added to TrackCVE |