Lucene search

[email protected]CVE-2021-3784

HistoryOct 04, 2023 - 4:15 p.m.

CVE-2021-3784

2023-10-0416:15:09

CWE-287

[email protected]

web.nvd.nist.gov

garuda linux

user creation

authentication

security vulnerability

cve-2021-3784

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Garuda Linux performs an insecure user creation and authentication that allows any user to impersonate the created account. By creating users from the ‘Garuda settings manager’, an insecure procedure is performed that keeps the created user without an assigned password during some seconds. This could allow a potential attacker to exploit this vulnerability in order to authenticate without knowing the password.

Affected configurations

Vulners

NVD

Node

garuda_linuxgaruda_linuxRange≤all versions

CPENameOperatorVersion
garudalinux:garuda_linuxgarudalinux garuda linuxeq-

CPE	Name	Operator	Version
garudalinux:garuda_linux	garudalinux garuda linux	eq	-

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "Garuda Linux",
    "vendor": "Garuda Linux",
    "versions": [
      {
        "status": "affected",
        "version": "all versions"
      }
    ]
  }
]

References

www.incibe.es/en/incibe-cert/notices/aviso/garuda-linux-improper-authorization

7 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2021-3784

cvelist1 prion1 nvd1