Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

x/vulndb: potential Go vuln in github.com/ubuntu/authd: CVE-2024-9313 #3181

Closed
GoVulnBot opened this issue Oct 3, 2024 · 2 comments
Closed

x/vulndb: potential Go vuln in github.com/ubuntu/authd: CVE-2024-9313 #3181

GoVulnBot opened this issue Oct 3, 2024 · 2 comments
Assignees
@maceonthompson
Labels
triaged

Comments

@GoVulnBot
Copy link

Advisory CVE-2024-9313 references a vulnerability in the following Go modules:

Module
github.com/ubuntu/authd

Description:
Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them.

References:

No existing reports found with this module or alias.
See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/ubuntu/authd
      vulnerable_at: 0.0.0-20230706090440-d8cb2d561419
summary: CVE-2024-9313 in github.com/ubuntu/authd
cves:
    - CVE-2024-9313
references:
    - advisory: https://www.cve.org/CVERecord?id=CVE-2024-9313
    - web: https://github.com/ubuntu/authd/security/advisories/GHSA-x5q3-c8rm-w787
source:
    id: CVE-2024-9313
    created: 2024-10-03T13:01:20.97297661Z
review_status: UNREVIEWED
@maceonthompson maceonthompson self-assigned this Oct 8, 2024
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/619135 mentions this issue: data/reports: add 15 reports

@GoVulnBot GoVulnBot mentioned this issue Oct 10, 2024
Closed
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/645255 mentions this issue: data/reports: review GO-2024-3181

gopherbot pushed a commit that referenced this issue Jan 29, 2025
@tatianab @gopherbot
data/reports: review GO-2024-3181
ae72f7b 
  - data/reports/GO-2024-3181.yaml

Fixes #3181
Fixes #3388

Change-Id: I13ed687b23ac3a1cd83076b6d720dc717386628d
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/645255
LUCI-TryBot-Result: Go LUCI <[email protected]>
Auto-Submit: Tatiana Bradley <[email protected]>
Reviewed-by: Damien Neil <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@maceonthompson maceonthompson

Labels
triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@gopherbot @maceonthompson @GoVulnBot