ID CVE-2021-3560
Summary It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
References
Vulnerable Configurations
  • cpe:2.3:a:polkit_project:polkit:-:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:-:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.3:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.4:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.5:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.6:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.7:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.8:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.9:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.9:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.91:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.91:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.92:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.92:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.93:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.93:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.94:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.94:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.95:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.95:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.96:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.96:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.97:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.97:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.98:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.98:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.99:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.99:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.100:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.100:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.101:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.101:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.102:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.102:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.103:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.103:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.104:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.104:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.105:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.105:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.106:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.106:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.107:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.107:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.108:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.108:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.109:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.109:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.110:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.110:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.111:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.111:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.112:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.112:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.112.1:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.112.1:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.113:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.113:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.114:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.114:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.115:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.115:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.116:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.116:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.117:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.117:*:*:*:*:*:*:*
  • cpe:2.3:a:polkit_project:polkit:0.118:*:*:*:*:*:*:*
    cpe:2.3:a:polkit_project:polkit:0.118:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
  • cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:*:*:*:*
    cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:a:redhat:openshift_container_platform:4.7:*:*:*:*:*:*:*
    cpe:2.3:a:redhat:openshift_container_platform:4.7:*:*:*:*:*:*:*
  • cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
    cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
CVSS
Base: 7.2 (as of 12-06-2023 - 07:15)
Impact:
Exploitability:
CWE CWE-754
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
COMPLETE COMPLETE COMPLETE
cvss-vector via4 AV:L/AC:L/Au:N/C:C/I:C/A:C
Last major update 12-06-2023 - 07:15
Published 16-02-2022 - 19:15
Last modified 12-06-2023 - 07:15
Back to Top