Description
The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use). With this authorization method, the owner of a process requesting a polkit operation is checked by polkitd via /proc/<pid>/status, by which time the requesting process may have been replaced by a different process with the same PID that has different privileges then the original requester.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://github.com/bit-team/backintime/commit/7f208dc547f569b689c888103e3b593a48cd1869
Scores
CVSS v3
8.1
EPSS
0.0065
EPSS Percentile
70.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-362
Status
published
Products (1)
backintime_project/backintime
< 1.1.18
Published
Apr 06, 2017
Tracked Since
Feb 18, 2026