High severity8.1NVD Advisory· Published Apr 6, 2017· Updated May 13, 2026

CVE-2017-7572

Description

The _checkPolkitPrivilege function in serviceHelper.py in Back In Time (aka backintime) 1.1.18 and earlier uses a deprecated polkit authorization method (unix-process) that is subject to a race condition (time of check, time of use). With this authorization method, the owner of a process requesting a polkit operation is checked by polkitd via /proc/<pid>/status, by which time the requesting process may have been replaced by a different process with the same PID that has different privileges then the original requester.

Affected products

Backintime Project/Backintime
cpe:2.3:a:backintime_project:backintime:*:*:*:*:*:*:*:*
Range: <=1.1.18

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/bit-team/backintime/commit/7f208dc547f569b689c888103e3b593a48cd1869nvdThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.526
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000