rpm package
suse/polkit&distro=HPE Helion OpenStack 8
pkg:rpm/suse/polkit&distro=HPE%20Helion%20OpenStack%208
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2021-3560 | — | KEV | < 0.113-5.21.1 | 0.113-5.21.1 | Feb 16, 2022 | It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest | |
| CVE-2021-4034 | — | KEV | < 0.113-5.24.1 | 0.113-5.24.1 | Jan 28, 2022 | A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the callin | |
| CVE-2019-6133 | — | < 0.113-5.18.1 | 0.113-5.18.1 | Jan 11, 2019 | In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c. |
- affected < 0.113-5.21.1fixed 0.113-5.21.1
It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest
- affected < 0.113-5.24.1fixed 0.113-5.24.1
A local privilege escalation vulnerability was found on polkit's pkexec utility. The pkexec application is a setuid tool designed to allow unprivileged users to run commands as privileged users according predefined policies. The current version of pkexec doesn't handle the callin
- CVE-2019-6133Jan 11, 2019affected < 0.113-5.18.1fixed 0.113-5.18.1
In PolicyKit (aka polkit) 0.115, the "start time" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.