Metrics
Affected Vendors & Products
Wed, 04 Dec 2024 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:openshift:4.16::el9 |
Wed, 04 Dec 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:/a:redhat:openshift:4.17::el9 |
Tue, 26 Nov 2024 06:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Redhat rhel Eus
|
|
CPEs | cpe:/a:redhat:enterprise_linux:9 cpe:/a:redhat:rhel_eus:9.4 |
|
Vendors & Products |
Redhat rhel Eus
|
Mon, 11 Nov 2024 18:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control. | A flaw was found in pam_access, where certain rules in its configuration file are mistakenly treated as hostnames. This vulnerability allows attackers to trick the system by pretending to be a trusted hostname, gaining unauthorized access. This issue poses a risk for systems that rely on this feature to control who can access certain services or terminals. |
Fri, 08 Nov 2024 14:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
threat_severity
|
threat_severity
|
Fri, 08 Nov 2024 06:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
cvssV3_1
|
cvssV3_1
|
Thu, 07 Nov 2024 19:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 07 Nov 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | A vulnerability was found in pam_access due to the improper handling of tokens in access.conf, interpreted as hostnames. This flaw allows attackers to bypass access restrictions by spoofing hostnames, undermining configurations designed to limit access to specific TTYs or services. The flaw poses a risk in environments relying on these configurations for local access control. |
Title | pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass | Pam: improper hostname interpretation in pam_access leads to access control bypass |
First Time appeared |
Redhat
Redhat enterprise Linux Redhat openshift |
|
CPEs | cpe:/a:redhat:openshift:4 cpe:/o:redhat:enterprise_linux:7 cpe:/o:redhat:enterprise_linux:8 cpe:/o:redhat:enterprise_linux:9 |
|
Vendors & Products |
Redhat
Redhat enterprise Linux Redhat openshift |
|
References |
|
Thu, 07 Nov 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | No description is available for this CVE. | |
Title | pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass | |
Weaknesses | CWE-287 | |
References |
| |
Metrics |
threat_severity
|
cvssV3_1
|
Status: PUBLISHED
Assigner: redhat
Published: 2024-11-07T16:02:34.873Z
Updated: 2024-11-11T23:37:25.182Z
Reserved: 2024-11-07T07:29:13.250Z
Link: CVE-2024-10963
Updated: 2024-11-07T18:27:37.229Z
Status : Awaiting Analysis
Published: 2024-11-07T16:15:17.150
Modified: 2024-11-11T18:15:14.487
Link: CVE-2024-10963