Lucene search
China National Vulnerability DatabaseCNVD-2022-21543HistoryMar 17, 2022 - 12:00 a.m.
Bareos Access Control Error Vulnerability
2022-03-1700:00:00
China National Vulnerability Database
www.cnvd.org.cn
9
0.004 Low
EPSS
Percentile
72.5%
Bareos is a suite of open source data backup storage and recovery software from Bareos, a German company. Bareos suffers from an access control error vulnerability that stems from the fact that the affected product will completely skip authorization checks when built and configured for PAM authentication, which could be exploited by an attacker to cause expired accounts and accounts with expired passwords to still be able to log in.
| CPE | Name | Operator | Version |
|---|---|---|---|
| bareos bareos | lt | 21.1.0 | |
| bareos bareos | lt | 20.0.6 | |
| bareos bareos | lt | 19.2.12 | |
| bareos bareos | eq | 18.2 |
Related
prion
prion
Authorization
2022-03-15 15:15:00
cvelist
cvelist
CVE-2022-24755 Incorrect Authorization in Bareos Director
2022-03-15 14:35:13
debiancve
debiancve
CVE-2022-24755
2022-03-15 15:15:08
alpinelinux
alpinelinux
CVE-2022-24755
2022-03-15 15:15:00
huntr
huntr
Improper Authorization and possible DoS when using PAM Auth
2022-03-06 23:18:55
osv
osv
CVE-2022-24755
2022-03-15 15:15:08
nvd
nvd
CVE-2022-24755
2022-03-15 15:15:08
cve
cve
CVE-2022-24755
2022-03-15 15:15:08
ubuntucve
ubuntucve
CVE-2022-24755
2022-03-15 00:00:00