github.com/ubuntu/authd
Go2 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting github.com/ubuntu/authdpage 1 of 1
- CVE-2024-9312HIGHCVSS 7.5EG 7.5✓ Fixed in 0.3.62024-10-10
Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges.
- CVE-2024-9313HIGHCVSS 8.8EG 8.8✓ Fixed in 0.3.52024-10-03
Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them.
Check whether github.com/ubuntu/authd is used in your infrastructure
EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/ubuntu/authd CVEs against the assets you own.
Start Free Scan →