Go : PAM Authorization Bypass #686
Description
CVE(s) ID list
| Project | Current State | CVE ID | Issue | Pull Request |
|---|---|---|---|---|
| emersion/webpass | Fix Merged. CVE Pending | emersion/webpass#10 | emersion/webpass#11 | |
| nDenerserve/SmartPi | Fix Merged. CVE Pending | nDenerserve/SmartPi#120 | nDenerserve/SmartPi#121 | |
| nethesis/nethvoice-report | Fix Merged. CVE Pending | nethesis/nethvoice-report#172 | ||
| netsec-ethz/scion-apps | Fix Merged. CVE Pending | netsec-ethz/scion-apps#228 | netsec-ethz/scion-apps#229 | |
| rtgnx/PAMAuthd | Fix Merged. CVE Pending | rtgnx/PAMAuthd#3 | rtgnx/PAMAuthd#4 | |
| scusi/spipe | Fix Merged. CVE Pending | scusi/spipe#1 | scusi/spipe#2 |
All For One submission
Details
This vulnerability pattern was found in 13 projects. Of these 2 were already reported by someone else. developing a CodeQL query for this issue lead to the discovery of 11 other projects. Of these 11, there are approximately 8 projects were this vulnerability has been fixed.
CVSS Impact
Using this attack vector, an attacker may access otherwise restricted parts of the system. The attack can be used to gain access to confidential files like passwords, login credentials and other secrets. Hence, it has a high impact on confidentiality. It may also be directly used to affect a change on a system resource. Hence has a medium to high impact on integrity. This attack may not be used to affect the availability of the system. Taking this account an appropriate CVSS v3.1 vector would be
AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N
This gives it a base score of 7.7/10 and a severity rating of high.
Proof Of detection
Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).
- Yes
- No
Blog post link
No response