Key information

CVE-2024-9313
CNA: Canonical Ltd.
Published: 2024-10-03
Updated: 2024-10-03

Description: Authd PAM module before version 0.3.5 allows broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them.

CVSS Score: 8.8 (HIGH)
Severity: HIGH
CVSS Version: 3.1
Vector String: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor: Canonical Ltd.
Product: Authd
Platforms: Linux
Default Status: unknown
Affected Versions: 0 before 0.3.5

Credits:
- Marco Trevisan (finder)
- Didier Roche-Tolomelli (remediation developer)
- Mark Esler (coordinator)

References:
- GitHub Issue
- CVE Record

Authorized Data Publishers: CISA-ADP

Summary

This CVE record details a security vulnerability in the Authd PAM module before version 0.3.5, affecting broker-managed users on Linux platforms. The vulnerability allows impersonation and execution of PAM operations, including authentication, with potentially severe consequences. The record includes details on the vendor, affected versions, and references for further information.