CVE-2024-9312

HIGH

Authd <0.3.6 - Privilege Escalation

Title source: llm

Description

Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges.

References (2)

[Exploit, Mitigation, Vendor Advisory] https://github.com/ubuntu/authd/security/advisories/GHSA-4gfw-wf7c-w6g2

[Third Party Advisory] https://www.cve.org/CVERecord?id=CVE-2024-9312

Scores

CVSS v3 7.5

EPSS 0.0005

EPSS Percentile 15.8%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:C/C:H/I:H/A:H

Classification

CWE

CWE-286 CWE-335

Status published

Affected Products (2)

canonical/authd < 0.3.6

ubuntu/authd Go

Timeline

Published Oct 10, 2024

Tracked Since Feb 18, 2026