Go modules package
github.com/ubuntu/authd
pkg:golang/github.com/ubuntu/authd
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-5689 | — | | | < 0.5.4 | 0.5.4 | Jun 16, 2025 | A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session. |
| CVE-2024-9312 | — | | | <= 0.0.0-20230706090440-d8cb2d561419 | — | Oct 10, 2024 | Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges. |
| CVE-2024-9313 | — | | | < 0.0.0-20240930103526-63e527496b01 | 0.0.0-20240930103526-63e527496b01 | Oct 3, 2024 | Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them. |