← volver
CVE-2021-3784

Garuda Linux Improper Authorization

CVSS 5.3 MEDIUMEPSS 0.2%CWE-287
Vexday Risk Score
13Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 5.3EPSS 0.2%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
04 oct 2023Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
Garuda Linux performs an insecure user creation and authentication that allows any user to impersonate the created account. By creating users from the 'Garuda settings manager', an insecure procedure is performed that keeps the created user without an assigned password during some seconds. This could allow a potential attacker to exploit this vulnerability in order to authenticate without knowing the password.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Productos afectados
Garuda Linux · Garuda Linux