Vulnerability-Lookup

CVE-2021-3560 (GCVE-0-2021-3560)

Vulnerability from cvelistv5 – Published: 2022-02-16 00:00 – Updated: 2025-10-21 23:15

CISA KEV

Summary

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

CWE-863

Assigner

redhat

References

4 references

URL	Tags
https://bugzilla.redhat.com/show_bug.cgi?id=1961710
https://github.blog/2021-06-10-privilege-escalati…
http://packetstormsecurity.com/files/172836/polki…
http://packetstormsecurity.com/files/172846/Faceb…

Impacted products

1 product

Vendor	Product	Version
n/a	polkit	Affected: polkit 0.119

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: 2acf1b60-8bdc-45a3-82f1-b983f55668f3

Vulnerability ID: CVE-2021-3560

Status: Confirmed

Status Updated: 2023-05-12 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2023-05-12

Asserted: 2023-05-12

Scope

Notes: KEV entry: Red Hat Polkit Incorrect Authorization Vulnerability | Affected: Red Hat / Polkit | Description: Red Hat Polkit contains an incorrect authorization vulnerability through the bypassing of credential checks for D-Bus requests, allowing for privilege escalation. | Required action: Apply updates per vendor instructions. | Due date: 2023-06-02 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://bugzilla.redhat.com/show_bug.cgi?id=1961710; https://nvd.nist.gov/vuln/detail/CVE-2021-3560

Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details

Cwes	CWE-863
Feed	CISA Known Exploited Vulnerabilities Catalog
Product	Polkit
Due Date	2023-06-02
Date Added	2023-05-12
Vendorproject	Red Hat
Vulnerabilityname	Red Hat Polkit Incorrect Authorization Vulnerability
Knownransomwarecampaignuse	Unknown

References

CVE-2021-3560

Created: 2026-02-02 12:26 UTC | Updated: 2026-02-06 07:17 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T17:01:06.571Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961710"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-3560",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-29T21:24:12.585039Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2023-05-12",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-3560"
              },
              "type": "kev"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:15:46.259Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-3560"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2023-05-12T00:00:00.000Z",
            "value": "CVE-2021-3560 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "polkit",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "polkit 0.119"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-06-12T06:06:22.689Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961710"
        },
        {
          "url": "https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/"
        },
        {
          "url": "http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html"
        },
        {
          "url": "http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2021-3560",
    "datePublished": "2022-02-16T00:00:00.000Z",
    "dateReserved": "2021-05-20T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:15:46.259Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2021-3560",
      "cwes": "[\"CWE-863\"]",
      "dateAdded": "2023-05-12",
      "dueDate": "2023-06-02",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://bugzilla.redhat.com/show_bug.cgi?id=1961710; https://nvd.nist.gov/vuln/detail/CVE-2021-3560",
      "product": "Polkit",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Red Hat Polkit contains an incorrect authorization vulnerability through the bypassing of credential checks for D-Bus requests, allowing for privilege escalation.",
      "vendorProject": "Red Hat",
      "vulnerabilityName": "Red Hat Polkit Incorrect Authorization Vulnerability"
    },
    "epss": {
      "cve": "CVE-2021-3560",
      "date": "2026-05-19",
      "epss": "0.10475",
      "percentile": "0.93323"
    },
    "fkie_nvd": {
      "cisaActionDue": "2023-06-02",
      "cisaExploitAdd": "2023-05-12",
      "cisaRequiredAction": "Apply updates per vendor instructions.",
      "cisaVulnerabilityName": "Red Hat Polkit Incorrect Authorization Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"0.119\", \"matchCriteriaId\": \"771AB1EA-D17C-4DFC-9A97-B197F1771818\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8E442013-EBF8-44F2-AAAA-B23816F3230E\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6BBD7A51-0590-4DDF-8249-5AFA8D645CB6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BB28F9AF-3D06-4532-B397-96D7E4792503\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]}, {\"operator\": \"AND\", \"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:redhat:openshift_container_platform:4.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"14CF53D2-B585-4EA5-8F18-21BC9ECBB4B6\"}]}, {\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"}, {\"vulnerable\": false, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\"}, {\"lang\": \"es\", \"value\": \"Se ha detectado que polkit pod\\u00eda ser enga\\u00f1ado para omitir las comprobaciones de credenciales para las peticiones de D-Bus, elevando los privilegios del solicitante al usuario root. Este fallo podr\\u00eda ser usado por un atacante local no privilegiado para, por ejemplo, crear un nuevo administrador local. La mayor amenaza de esta vulnerabilidad es para la confidencialidad e integridad de los datos, as\\u00ed como para la disponibilidad del sistema\"}]",
      "id": "CVE-2021-3560",
      "lastModified": "2024-11-21T06:21:50.987",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2022-02-16T19:15:08.450",
      "references": "[{\"url\": \"http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1961710\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}, {\"url\": \"http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1961710\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "secalert@redhat.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-863\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-754\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-3560\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2022-02-16T19:15:08.450\",\"lastModified\":\"2025-11-06T14:50:43.827\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\"},{\"lang\":\"es\",\"value\":\"Se ha detectado que polkit pod\u00eda ser enga\u00f1ado para omitir las comprobaciones de credenciales para las peticiones de D-Bus, elevando los privilegios del solicitante al usuario root. Este fallo podr\u00eda ser usado por un atacante local no privilegiado para, por ejemplo, crear un nuevo administrador local. La mayor amenaza de esta vulnerabilidad es para la confidencialidad e integridad de los datos, as\u00ed como para la disponibilidad del sistema\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2023-05-12\",\"cisaActionDue\":\"2023-06-02\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Red Hat Polkit Incorrect Authorization Vulnerability\",\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-863\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-754\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"0.119\",\"matchCriteriaId\":\"771AB1EA-D17C-4DFC-9A97-B197F1771818\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8E442013-EBF8-44F2-AAAA-B23816F3230E\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6BBD7A51-0590-4DDF-8249-5AFA8D645CB6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BB28F9AF-3D06-4532-B397-96D7E4792503\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]},{\"operator\":\"AND\",\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:openshift_container_platform:4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"14CF53D2-B585-4EA5-8F18-21BC9ECBB4B6\"}]},{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"142AD0DD-4CF3-4D74-9442-459CE3347E3A\"},{\"vulnerable\":false,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"}]}]}],\"references\":[{\"url\":\"http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1961710\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1961710\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Third Party Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-3560\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1961710\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html\", \"tags\": [\"x_transferred\"]}, {\"url\": \"http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T17:01:06.571Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-3560\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-29T21:24:12.585039Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2023-05-12\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-3560\"}}}], \"timeline\": [{\"lang\": \"en\", \"time\": \"2023-05-12T00:00:00.000Z\", \"value\": \"CVE-2021-3560 added to CISA KEV\"}], \"references\": [{\"url\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-3560\", \"tags\": [\"government-resource\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-29T21:24:29.934Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"polkit\", \"versions\": [{\"status\": \"affected\", \"version\": \"polkit 0.119\"}]}], \"references\": [{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1961710\"}, {\"url\": \"https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/\"}, {\"url\": \"http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html\"}, {\"url\": \"http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-863\", \"description\": \"CWE-863\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2023-06-12T06:06:22.689Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2021-3560\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-10-21T23:15:46.259Z\", \"dateReserved\": \"2021-05-20T00:00:00.000Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2022-02-16T00:00:00.000Z\", \"assignerShortName\": \"redhat\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2022-AVI-351

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les logiciels Juniper . Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	Contrail Networking versions antérieures à 2011.L4 et 21.3
Juniper Networks	N/A	JIMS versions antérieures à 1.4.0
Juniper Networks	N/A	Paragon Active Assurance versions 3.3.x
Juniper Networks	Secure Analytics	Secure Analytics versions 7.4.x anttérieures à 7.4.2 FixPack 2
Juniper Networks	Secure Analytics	Secure Analytics versions 7.3.x antérieures à 7.3.3 FixPack 7
Juniper Networks	N/A	Paragon Active Assurance versions 3.1.x
Juniper Networks	N/A	Contrail Service Orchestration versions 6.0.x antérieures à 6.0.0 Patch v3
Juniper Networks	N/A	Paragon Active Assurance versions 3.2.x

References

Title

Publication Time

CERTFR-2022-AVI-351

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Juniper Networks	N/A	Contrail Networking versions antérieures à 2011.L4 et 21.3
Juniper Networks	N/A	JIMS versions antérieures à 1.4.0
Juniper Networks	N/A	Paragon Active Assurance versions 3.3.x
Juniper Networks	Secure Analytics	Secure Analytics versions 7.4.x anttérieures à 7.4.2 FixPack 2
Juniper Networks	Secure Analytics	Secure Analytics versions 7.3.x antérieures à 7.3.3 FixPack 7
Juniper Networks	N/A	Paragon Active Assurance versions 3.1.x
Juniper Networks	N/A	Contrail Service Orchestration versions 6.0.x antérieures à 6.0.0 Patch v3
Juniper Networks	N/A	Paragon Active Assurance versions 3.2.x

References

Title

Publication Time

BDU:2021-03207

Vulnerability from fstec - Published: 03.06.2021

Title

Уязвимость функции polkit_system_bus_name_get_creds_sync() демона dbus-daemon библиотеки Polkit, позволяющая нарушителю повысить свои привилегии

Description

Уязвимость функции polkit_system_bus_name_get_creds_sync() демона dbus-daemon библиотеки Polkit связана с недостатками контроля доступа. Эксплуатация уязвимости может позволить нарушителю повысить свои привилегии

Severity ?


                    
                      AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Vendor

Red Hat Inc., Canonical Ltd., Сообщество свободного программного обеспечения, ООО «Ред Софт», АО «ИВК»

Software Name

Red Hat Virtualization, Red Hat Enterprise Linux, Ubuntu, Polkit, РЕД ОС (запись в едином реестре российских программ №3751), Альт 8 СП (запись в едином реестре российских программ №4305)

Software Version

4 (Red Hat Virtualization), 8 (Red Hat Enterprise Linux), 20.04 LTS (Ubuntu), 20.10 (Ubuntu), 8.1 Extended Update Support (Red Hat Enterprise Linux), 8.2 Extended Update Support (Red Hat Enterprise Linux), от 0.113 до 0.119 включительно (Polkit), 7.3 (РЕД ОС), - (Альт 8 СП)

Possible Mitigations

Использование рекомендаций: Для Polkit: https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/ Для программных продуктов Red Hat Inc.: https://access.redhat.com/security/cve/cve-2021-3560 Для Ubuntu: https://ubuntu.com/security/notices/USN-4980-1 Для РедОС: http://repo.red-soft.ru/redos/7.3c/x86_64/updates/ Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства

Reference

https://access.redhat.com/security/cve/cve-2021-3560 https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/ https://redos.red-soft.ru/support/secure/ https://ubuntu.com/security/notices/USN-4980-1 https://altsp.su/obnovleniya-bezopasnosti/ https://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv

CWE

CWE-863

JSON

To clipboard

{
  "CVSS 2.0": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
  "CVSS 3.0": "AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Red Hat Inc., Canonical Ltd., \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0435\u0434 \u0421\u043e\u0444\u0442\u00bb, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "4 (Red Hat Virtualization), 8 (Red Hat Enterprise Linux), 20.04 LTS (Ubuntu), 20.10 (Ubuntu), 8.1 Extended Update Support (Red Hat Enterprise Linux), 8.2 Extended Update Support (Red Hat Enterprise Linux), \u043e\u0442 0.113 \u0434\u043e 0.119 \u0432\u043a\u043b\u044e\u0447\u0438\u0442\u0435\u043b\u044c\u043d\u043e (Polkit), 7.3 (\u0420\u0415\u0414 \u041e\u0421), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f Polkit:\nhttps://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2021-3560\n\n\u0414\u043b\u044f Ubuntu:\nhttps://ubuntu.com/security/notices/USN-4980-1\n\n\u0414\u043b\u044f \u0420\u0435\u0434\u041e\u0421: \nhttp://repo.red-soft.ru/redos/7.3c/x86_64/updates/\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "03.06.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "24.09.2024",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "23.06.2021",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-03207",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2021-3560",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Red Hat Virtualization, Red Hat Enterprise Linux, Ubuntu, Polkit, \u0420\u0415\u0414 \u041e\u0421 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21163751), \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "Red Hat Inc. Red Hat Enterprise Linux 8 , Canonical Ltd. Ubuntu 20.04 LTS , Canonical Ltd. Ubuntu 20.10 , Red Hat Inc. Red Hat Enterprise Linux 8.1 Extended Update Support , Red Hat Inc. Red Hat Enterprise Linux 8.2 Extended Update Support , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f -  (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305)",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 polkit_system_bus_name_get_creds_sync() \u0434\u0435\u043c\u043e\u043d\u0430 dbus-daemon \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Polkit, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0421\u0443\u0449\u0435\u0441\u0442\u0432\u0443\u0435\u0442 \u0432 \u043e\u0442\u043a\u0440\u044b\u0442\u043e\u043c \u0434\u043e\u0441\u0442\u0443\u043f\u0435",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041d\u0435\u043f\u0440\u0430\u0432\u0438\u043b\u044c\u043d\u0430\u044f \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u044f (CWE-863)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 polkit_system_bus_name_get_creds_sync() \u0434\u0435\u043c\u043e\u043d\u0430 dbus-daemon \u0431\u0438\u0431\u043b\u0438\u043e\u0442\u0435\u043a\u0438 Polkit \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043d\u0435\u0434\u043e\u0441\u0442\u0430\u0442\u043a\u0430\u043c\u0438 \u043a\u043e\u043d\u0442\u0440\u043e\u043b\u044f \u0434\u043e\u0441\u0442\u0443\u043f\u0430. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u043f\u043e\u0432\u044b\u0441\u0438\u0442\u044c \u0441\u0432\u043e\u0438 \u043f\u0440\u0438\u0432\u0438\u043b\u0435\u0433\u0438\u0438",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445, \u041d\u0430\u0440\u0443\u0448\u0435\u043d\u0438\u0435 \u0430\u0432\u0442\u043e\u0440\u0438\u0437\u0430\u0446\u0438\u0438",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://access.redhat.com/security/cve/cve-2021-3560\nhttps://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/\nhttps://redos.red-soft.ru/support/secure/\nhttps://ubuntu.com/security/notices/USN-4980-1\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://www.cisa.gov/sites/default/files/csv/known_exploited_vulnerabilities.csv",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438/\u041f\u041e \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e-\u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430, \u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-863",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,2)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,8)"
}

FKIE_CVE-2021-3560

Vulnerability from fkie_nvd - Published: 2022-02-16 19:15 - Updated: 2025-11-06 14:50

CISA KEV

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
secalert@redhat.com	http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html	Third Party Advisory, VDB Entry
secalert@redhat.com	http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html	Third Party Advisory, VDB Entry
secalert@redhat.com	https://bugzilla.redhat.com/show_bug.cgi?id=1961710	Issue Tracking, Patch, Vendor Advisory
secalert@redhat.com	https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/	Exploit, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://bugzilla.redhat.com/show_bug.cgi?id=1961710	Issue Tracking, Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/	Exploit, Third Party Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-3560	US Government Resource

Impacted products

Vendor	Product	Version
polkit_project	polkit	*
debian	debian_linux	11.0
canonical	ubuntu_linux	20.04
redhat	virtualization	4.0
redhat	virtualization_host	4.0
redhat	enterprise_linux	8.0
redhat	openshift_container_platform	4.7
redhat	enterprise_linux	7.0
redhat	enterprise_linux	8.0

JSON

To clipboard

{
  "cisaActionDue": "2023-06-02",
  "cisaExploitAdd": "2023-05-12",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Red Hat Polkit Incorrect Authorization Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "771AB1EA-D17C-4DFC-9A97-B197F1771818",
              "versionEndExcluding": "0.119",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E442013-EBF8-44F2-AAAA-B23816F3230E",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "6BBD7A51-0590-4DDF-8249-5AFA8D645CB6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB28F9AF-3D06-4532-B397-96D7E4792503",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:redhat:openshift_container_platform:4.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "14CF53D2-B585-4EA5-8F18-21BC9ECBB4B6",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A",
              "vulnerable": false
            },
            {
              "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
    },
    {
      "lang": "es",
      "value": "Se ha detectado que polkit pod\u00eda ser enga\u00f1ado para omitir las comprobaciones de credenciales para las peticiones de D-Bus, elevando los privilegios del solicitante al usuario root. Este fallo podr\u00eda ser usado por un atacante local no privilegiado para, por ejemplo, crear un nuevo administrador local. La mayor amenaza de esta vulnerabilidad es para la confidencialidad e integridad de los datos, as\u00ed como para la disponibilidad del sistema"
    }
  ],
  "id": "CVE-2021-3560",
  "lastModified": "2025-11-06T14:50:43.827",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2022-02-16T19:15:08.450",
  "references": [
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961710"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Issue Tracking",
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961710"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Third Party Advisory"
      ],
      "url": "https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-3560"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "secalert@redhat.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-754"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-7C49-J253-WQ5R

Vulnerability from github – Published: 2022-02-17 00:00 – Updated: 2025-10-22 00:32

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-3560"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-754",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2022-02-16T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
  "id": "GHSA-7c49-j253-wq5r",
  "modified": "2025-10-22T00:32:30Z",
  "published": "2022-02-17T00:00:28Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-3560"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961710"
    },
    {
      "type": "WEB",
      "url": "https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-3560"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html"
    },
    {
      "type": "WEB",
      "url": "http://packetstormsecurity.com/files/172846/Facebook-Fizz-Denial-Of-Service.html"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2021-3560

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-3560

Aliases

CVE-2021-3560

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-3560",
    "description": "It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
    "id": "GSD-2021-3560",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-3560.html",
      "https://access.redhat.com/errata/RHSA-2021:2555",
      "https://access.redhat.com/errata/RHSA-2021:2522",
      "https://access.redhat.com/errata/RHSA-2021:2238",
      "https://access.redhat.com/errata/RHSA-2021:2237",
      "https://access.redhat.com/errata/RHSA-2021:2236",
      "https://ubuntu.com/security/CVE-2021-3560",
      "https://advisories.mageia.org/CVE-2021-3560.html",
      "https://security.archlinux.org/CVE-2021-3560",
      "https://linux.oracle.com/cve/CVE-2021-3560.html",
      "https://packetstormsecurity.com/files/cve/CVE-2021-3560"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-3560"
      ],
      "details": "It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
      "id": "GSD-2021-3560",
      "modified": "2023-12-13T01:23:34.811778Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "secalert@redhat.com",
        "ID": "CVE-2021-3560",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "polkit",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "polkit 0.119"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-863"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1961710",
            "refsource": "MISC",
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961710"
          },
          {
            "name": "https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/",
            "refsource": "MISC",
            "url": "https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/"
          },
          {
            "name": "http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html",
            "refsource": "MISC",
            "url": "http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:polkit_project:polkit:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "0.119",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:canonical:ubuntu_linux:20.04:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  },
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          },
          {
            "children": [
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:a:redhat:openshift_container_platform:4.7:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": true
                  }
                ],
                "operator": "OR"
              },
              {
                "children": [],
                "cpe_match": [
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  },
                  {
                    "cpe23Uri": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
                    "cpe_name": [],
                    "vulnerable": false
                  }
                ],
                "operator": "OR"
              }
            ],
            "cpe_match": [],
            "operator": "AND"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2021-3560"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-754"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Third Party Advisory"
              ],
              "url": "https://github.blog/2021-06-10-privilege-escalation-polkit-root-on-linux-with-bug/"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1961710",
              "refsource": "MISC",
              "tags": [
                "Issue Tracking",
                "Patch",
                "Vendor Advisory"
              ],
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1961710"
            },
            {
              "name": "http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://packetstormsecurity.com/files/172836/polkit-Authentication-Bypass.html"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2023-06-12T07:15Z",
      "publishedDate": "2022-02-16T19:15Z"
    }
  }
}

MSRC_CVE-2021-3560

Vulnerability from csaf_microsoft - Published: 2022-02-02 00:00 - Updated: 2022-03-01 00:00

Summary

It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to for example create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Notes

Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle

Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.

CVE-2021-3560

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-754 - Improper Check for Unusual or Exceptional Conditions

Affected products

Fixed 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 18898-16820		—

Known affected 1 product

Product	Identifier	Version	Remediation
Unresolved product id: 16820-1		—	Vendor Fix fix

References

4 references

URL	Category
https://msrc.microsoft.com/csaf/vex/2022/msrc_cve…	self
https://support.microsoft.com/lifecycle	external
https://www.first.org/cvss	external
https://msrc.microsoft.com/csaf/vex/2022/msrc_cve…	self

JSON

To clipboard

{
  "document": {
    "category": "csaf_vex",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Public",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en-US",
    "notes": [
      {
        "category": "general",
        "text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
        "title": "Additional Resources"
      },
      {
        "category": "legal_disclaimer",
        "text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
        "title": "Disclaimer"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "secure@microsoft.com",
      "name": "Microsoft Security Response Center",
      "namespace": "https://msrc.microsoft.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "CVE-2021-3560 It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to for example create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. - VEX",
        "url": "https://msrc.microsoft.com/csaf/vex/2022/msrc_cve-2021-3560.json"
      },
      {
        "category": "external",
        "summary": "Microsoft Support Lifecycle",
        "url": "https://support.microsoft.com/lifecycle"
      },
      {
        "category": "external",
        "summary": "Common Vulnerability Scoring System",
        "url": "https://www.first.org/cvss"
      }
    ],
    "title": "It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to for example create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
    "tracking": {
      "current_release_date": "2022-03-01T00:00:00.000Z",
      "generator": {
        "date": "2025-10-19T23:18:12.207Z",
        "engine": {
          "name": "MSRC Generator",
          "version": "1.0"
        }
      },
      "id": "msrc_CVE-2021-3560",
      "initial_release_date": "2022-02-02T00:00:00.000Z",
      "revision_history": [
        {
          "date": "2022-03-01T00:00:00.000Z",
          "legacy_version": "1",
          "number": "1",
          "summary": "Information published."
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "1.0",
                "product": {
                  "name": "CBL Mariner 1.0",
                  "product_id": "16820"
                }
              }
            ],
            "category": "product_name",
            "name": "Azure Linux"
          },
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003ccm1 polkit 0.116-6",
                "product": {
                  "name": "\u003ccm1 polkit 0.116-6",
                  "product_id": "1"
                }
              },
              {
                "category": "product_version",
                "name": "cm1 polkit 0.116-6",
                "product": {
                  "name": "cm1 polkit 0.116-6",
                  "product_id": "18898"
                }
              }
            ],
            "category": "product_name",
            "name": "polkit"
          }
        ],
        "category": "vendor",
        "name": "Microsoft"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "\u003ccm1 polkit 0.116-6 as a component of CBL Mariner 1.0",
          "product_id": "16820-1"
        },
        "product_reference": "1",
        "relates_to_product_reference": "16820"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cm1 polkit 0.116-6 as a component of CBL Mariner 1.0",
          "product_id": "18898-16820"
        },
        "product_reference": "18898",
        "relates_to_product_reference": "16820"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-3560",
      "cwe": {
        "id": "CWE-754",
        "name": "Improper Check for Unusual or Exceptional Conditions"
      },
      "notes": [
        {
          "category": "general",
          "text": "redhat",
          "title": "Assigning CNA"
        }
      ],
      "product_status": {
        "fixed": [
          "18898-16820"
        ],
        "known_affected": [
          "16820-1"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "CVE-2021-3560 It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to for example create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. - VEX",
          "url": "https://msrc.microsoft.com/csaf/vex/2022/msrc_cve-2021-3560.json"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2022-03-01T00:00:00.000Z",
          "details": "0.116-6:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
          "product_ids": [
            "16820-1"
          ],
          "url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "environmentalsScore": 0.0,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "temporalScore": 7.8,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "16820-1"
          ]
        }
      ],
      "title": "It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to for example create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
    }
  ]
}

OPENSUSE-SU-2021:0838-1

Vulnerability from csaf_opensuse - Published: 2021-06-04 08:34 - Updated: 2021-06-04 08:34

Summary

Security update for polkit

Severity

Important

Notes

Title of the patch: Security update for polkit

Description of the patch: This update for polkit fixes the following issues: - CVE-2021-3560: Fixed a local privilege escalation using polkit_system_bus_name_get_creds_sync() (bsc#1186497). This update was imported from the SUSE:SLE-15-SP2:Update update project.

Patchnames: openSUSE-2021-838

CVE-2021-3560

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 10 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.2:libpolkit0-0.116-lp152.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libpolkit0-0.116-lp152.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:libpolkit0-32bit-0.116-lp152.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:polkit-0.116-lp152.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:polkit-0.116-lp152.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:polkit-devel-0.116-lp152.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:polkit-devel-0.116-lp152.2.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:polkit-doc-0.116-lp152.2.3.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-Polkit-1_0-0.116-lp152.2.3.1.i586	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.2:typelib-1_0-Polkit-1_0-0.116-lp152.2.3.1.x86_64	—	Vendor Fix

Threats

Impact important

References

8 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://lists.opensuse.org/archives/list/security…	self
https://lists.opensuse.org/archives/list/security…	self
https://bugzilla.suse.com/1186497	self
https://www.suse.com/security/cve/CVE-2021-3560/	self
https://www.suse.com/security/cve/CVE-2021-3560	external
https://bugzilla.suse.com/1186497	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for polkit",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for polkit fixes the following issues:\n\n- CVE-2021-3560: Fixed a local privilege escalation using polkit_system_bus_name_get_creds_sync() (bsc#1186497).\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2021-838",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0838-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2021:0838-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ABSE3IWWQYLOHOVCNFCOZVXFZAYMJYN4/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2021:0838-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/ABSE3IWWQYLOHOVCNFCOZVXFZAYMJYN4/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1186497",
        "url": "https://bugzilla.suse.com/1186497"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-3560 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-3560/"
      }
    ],
    "title": "Security update for polkit",
    "tracking": {
      "current_release_date": "2021-06-04T08:34:08Z",
      "generator": {
        "date": "2021-06-04T08:34:08Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2021:0838-1",
      "initial_release_date": "2021-06-04T08:34:08Z",
      "revision_history": [
        {
          "date": "2021-06-04T08:34:08Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpolkit0-0.116-lp152.2.3.1.i586",
                "product": {
                  "name": "libpolkit0-0.116-lp152.2.3.1.i586",
                  "product_id": "libpolkit0-0.116-lp152.2.3.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "polkit-0.116-lp152.2.3.1.i586",
                "product": {
                  "name": "polkit-0.116-lp152.2.3.1.i586",
                  "product_id": "polkit-0.116-lp152.2.3.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "polkit-devel-0.116-lp152.2.3.1.i586",
                "product": {
                  "name": "polkit-devel-0.116-lp152.2.3.1.i586",
                  "product_id": "polkit-devel-0.116-lp152.2.3.1.i586"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-Polkit-1_0-0.116-lp152.2.3.1.i586",
                "product": {
                  "name": "typelib-1_0-Polkit-1_0-0.116-lp152.2.3.1.i586",
                  "product_id": "typelib-1_0-Polkit-1_0-0.116-lp152.2.3.1.i586"
                }
              }
            ],
            "category": "architecture",
            "name": "i586"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "polkit-doc-0.116-lp152.2.3.1.noarch",
                "product": {
                  "name": "polkit-doc-0.116-lp152.2.3.1.noarch",
                  "product_id": "polkit-doc-0.116-lp152.2.3.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpolkit0-0.116-lp152.2.3.1.x86_64",
                "product": {
                  "name": "libpolkit0-0.116-lp152.2.3.1.x86_64",
                  "product_id": "libpolkit0-0.116-lp152.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libpolkit0-32bit-0.116-lp152.2.3.1.x86_64",
                "product": {
                  "name": "libpolkit0-32bit-0.116-lp152.2.3.1.x86_64",
                  "product_id": "libpolkit0-32bit-0.116-lp152.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "polkit-0.116-lp152.2.3.1.x86_64",
                "product": {
                  "name": "polkit-0.116-lp152.2.3.1.x86_64",
                  "product_id": "polkit-0.116-lp152.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "polkit-devel-0.116-lp152.2.3.1.x86_64",
                "product": {
                  "name": "polkit-devel-0.116-lp152.2.3.1.x86_64",
                  "product_id": "polkit-devel-0.116-lp152.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-Polkit-1_0-0.116-lp152.2.3.1.x86_64",
                "product": {
                  "name": "typelib-1_0-Polkit-1_0-0.116-lp152.2.3.1.x86_64",
                  "product_id": "typelib-1_0-Polkit-1_0-0.116-lp152.2.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.2",
                "product": {
                  "name": "openSUSE Leap 15.2",
                  "product_id": "openSUSE Leap 15.2",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpolkit0-0.116-lp152.2.3.1.i586 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:libpolkit0-0.116-lp152.2.3.1.i586"
        },
        "product_reference": "libpolkit0-0.116-lp152.2.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpolkit0-0.116-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:libpolkit0-0.116-lp152.2.3.1.x86_64"
        },
        "product_reference": "libpolkit0-0.116-lp152.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpolkit0-32bit-0.116-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:libpolkit0-32bit-0.116-lp152.2.3.1.x86_64"
        },
        "product_reference": "libpolkit0-32bit-0.116-lp152.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "polkit-0.116-lp152.2.3.1.i586 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:polkit-0.116-lp152.2.3.1.i586"
        },
        "product_reference": "polkit-0.116-lp152.2.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "polkit-0.116-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:polkit-0.116-lp152.2.3.1.x86_64"
        },
        "product_reference": "polkit-0.116-lp152.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "polkit-devel-0.116-lp152.2.3.1.i586 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:polkit-devel-0.116-lp152.2.3.1.i586"
        },
        "product_reference": "polkit-devel-0.116-lp152.2.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "polkit-devel-0.116-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:polkit-devel-0.116-lp152.2.3.1.x86_64"
        },
        "product_reference": "polkit-devel-0.116-lp152.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "polkit-doc-0.116-lp152.2.3.1.noarch as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:polkit-doc-0.116-lp152.2.3.1.noarch"
        },
        "product_reference": "polkit-doc-0.116-lp152.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "typelib-1_0-Polkit-1_0-0.116-lp152.2.3.1.i586 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:typelib-1_0-Polkit-1_0-0.116-lp152.2.3.1.i586"
        },
        "product_reference": "typelib-1_0-Polkit-1_0-0.116-lp152.2.3.1.i586",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "typelib-1_0-Polkit-1_0-0.116-lp152.2.3.1.x86_64 as component of openSUSE Leap 15.2",
          "product_id": "openSUSE Leap 15.2:typelib-1_0-Polkit-1_0-0.116-lp152.2.3.1.x86_64"
        },
        "product_reference": "typelib-1_0-Polkit-1_0-0.116-lp152.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.2"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-3560",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-3560"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.2:libpolkit0-0.116-lp152.2.3.1.i586",
          "openSUSE Leap 15.2:libpolkit0-0.116-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:libpolkit0-32bit-0.116-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:polkit-0.116-lp152.2.3.1.i586",
          "openSUSE Leap 15.2:polkit-0.116-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:polkit-devel-0.116-lp152.2.3.1.i586",
          "openSUSE Leap 15.2:polkit-devel-0.116-lp152.2.3.1.x86_64",
          "openSUSE Leap 15.2:polkit-doc-0.116-lp152.2.3.1.noarch",
          "openSUSE Leap 15.2:typelib-1_0-Polkit-1_0-0.116-lp152.2.3.1.i586",
          "openSUSE Leap 15.2:typelib-1_0-Polkit-1_0-0.116-lp152.2.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-3560",
          "url": "https://www.suse.com/security/cve/CVE-2021-3560"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1186497 for CVE-2021-3560",
          "url": "https://bugzilla.suse.com/1186497"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.2:libpolkit0-0.116-lp152.2.3.1.i586",
            "openSUSE Leap 15.2:libpolkit0-0.116-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:libpolkit0-32bit-0.116-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:polkit-0.116-lp152.2.3.1.i586",
            "openSUSE Leap 15.2:polkit-0.116-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:polkit-devel-0.116-lp152.2.3.1.i586",
            "openSUSE Leap 15.2:polkit-devel-0.116-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:polkit-doc-0.116-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:typelib-1_0-Polkit-1_0-0.116-lp152.2.3.1.i586",
            "openSUSE Leap 15.2:typelib-1_0-Polkit-1_0-0.116-lp152.2.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.2:libpolkit0-0.116-lp152.2.3.1.i586",
            "openSUSE Leap 15.2:libpolkit0-0.116-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:libpolkit0-32bit-0.116-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:polkit-0.116-lp152.2.3.1.i586",
            "openSUSE Leap 15.2:polkit-0.116-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:polkit-devel-0.116-lp152.2.3.1.i586",
            "openSUSE Leap 15.2:polkit-devel-0.116-lp152.2.3.1.x86_64",
            "openSUSE Leap 15.2:polkit-doc-0.116-lp152.2.3.1.noarch",
            "openSUSE Leap 15.2:typelib-1_0-Polkit-1_0-0.116-lp152.2.3.1.i586",
            "openSUSE Leap 15.2:typelib-1_0-Polkit-1_0-0.116-lp152.2.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-06-04T08:34:08Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-3560"
    }
  ]
}

OPENSUSE-SU-2021:1843-1

Vulnerability from csaf_opensuse - Published: 2021-07-11 12:11 - Updated: 2021-07-11 12:11

Summary

Security update for polkit

Severity

Important

Notes

Title of the patch: Security update for polkit

Description of the patch: This update for polkit fixes the following issues: - CVE-2021-3560: Fixed a local privilege escalation using polkit_system_bus_name_get_creds_sync() (bsc#1186497).

Patchnames: openSUSE-SLE-15.3-2021-1843

CVE-2021-3560

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 18 products

Product	Version	Remediation
Unresolved product id: openSUSE Leap 15.3:libpolkit0-0.116-3.3.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libpolkit0-0.116-3.3.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libpolkit0-0.116-3.3.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libpolkit0-0.116-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:libpolkit0-32bit-0.116-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:polkit-0.116-3.3.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:polkit-0.116-3.3.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:polkit-0.116-3.3.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:polkit-0.116-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:polkit-devel-0.116-3.3.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:polkit-devel-0.116-3.3.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:polkit-devel-0.116-3.3.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:polkit-devel-0.116-3.3.1.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:polkit-doc-0.116-3.3.1.noarch	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:typelib-1_0-Polkit-1_0-0.116-3.3.1.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:typelib-1_0-Polkit-1_0-0.116-3.3.1.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:typelib-1_0-Polkit-1_0-0.116-3.3.1.s390x	—	Vendor Fix
Unresolved product id: openSUSE Leap 15.3:typelib-1_0-Polkit-1_0-0.116-3.3.1.x86_64	—	Vendor Fix

Threats

Impact important

References

8 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://lists.opensuse.org/archives/list/security…	self
https://lists.opensuse.org/archives/list/security…	self
https://bugzilla.suse.com/1186497	self
https://www.suse.com/security/cve/CVE-2021-3560/	self
https://www.suse.com/security/cve/CVE-2021-3560	external
https://bugzilla.suse.com/1186497	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for polkit",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for polkit fixes the following issues:\n\n- CVE-2021-3560: Fixed a local privilege escalation using polkit_system_bus_name_get_creds_sync() (bsc#1186497).\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-SLE-15.3-2021-1843",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_1843-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2021:1843-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2NCYKG2YTUVFTW5R7DJWWWJGLDWU7XE5/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2021:1843-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/2NCYKG2YTUVFTW5R7DJWWWJGLDWU7XE5/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1186497",
        "url": "https://bugzilla.suse.com/1186497"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-3560 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-3560/"
      }
    ],
    "title": "Security update for polkit",
    "tracking": {
      "current_release_date": "2021-07-11T12:11:00Z",
      "generator": {
        "date": "2021-07-11T12:11:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2021:1843-1",
      "initial_release_date": "2021-07-11T12:11:00Z",
      "revision_history": [
        {
          "date": "2021-07-11T12:11:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpolkit0-0.116-3.3.1.aarch64",
                "product": {
                  "name": "libpolkit0-0.116-3.3.1.aarch64",
                  "product_id": "libpolkit0-0.116-3.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "polkit-0.116-3.3.1.aarch64",
                "product": {
                  "name": "polkit-0.116-3.3.1.aarch64",
                  "product_id": "polkit-0.116-3.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "polkit-devel-0.116-3.3.1.aarch64",
                "product": {
                  "name": "polkit-devel-0.116-3.3.1.aarch64",
                  "product_id": "polkit-devel-0.116-3.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-Polkit-1_0-0.116-3.3.1.aarch64",
                "product": {
                  "name": "typelib-1_0-Polkit-1_0-0.116-3.3.1.aarch64",
                  "product_id": "typelib-1_0-Polkit-1_0-0.116-3.3.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "polkit-doc-0.116-3.3.1.noarch",
                "product": {
                  "name": "polkit-doc-0.116-3.3.1.noarch",
                  "product_id": "polkit-doc-0.116-3.3.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpolkit0-0.116-3.3.1.ppc64le",
                "product": {
                  "name": "libpolkit0-0.116-3.3.1.ppc64le",
                  "product_id": "libpolkit0-0.116-3.3.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "polkit-0.116-3.3.1.ppc64le",
                "product": {
                  "name": "polkit-0.116-3.3.1.ppc64le",
                  "product_id": "polkit-0.116-3.3.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "polkit-devel-0.116-3.3.1.ppc64le",
                "product": {
                  "name": "polkit-devel-0.116-3.3.1.ppc64le",
                  "product_id": "polkit-devel-0.116-3.3.1.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-Polkit-1_0-0.116-3.3.1.ppc64le",
                "product": {
                  "name": "typelib-1_0-Polkit-1_0-0.116-3.3.1.ppc64le",
                  "product_id": "typelib-1_0-Polkit-1_0-0.116-3.3.1.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpolkit0-0.116-3.3.1.s390x",
                "product": {
                  "name": "libpolkit0-0.116-3.3.1.s390x",
                  "product_id": "libpolkit0-0.116-3.3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "polkit-0.116-3.3.1.s390x",
                "product": {
                  "name": "polkit-0.116-3.3.1.s390x",
                  "product_id": "polkit-0.116-3.3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "polkit-devel-0.116-3.3.1.s390x",
                "product": {
                  "name": "polkit-devel-0.116-3.3.1.s390x",
                  "product_id": "polkit-devel-0.116-3.3.1.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-Polkit-1_0-0.116-3.3.1.s390x",
                "product": {
                  "name": "typelib-1_0-Polkit-1_0-0.116-3.3.1.s390x",
                  "product_id": "typelib-1_0-Polkit-1_0-0.116-3.3.1.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpolkit0-0.116-3.3.1.x86_64",
                "product": {
                  "name": "libpolkit0-0.116-3.3.1.x86_64",
                  "product_id": "libpolkit0-0.116-3.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libpolkit0-32bit-0.116-3.3.1.x86_64",
                "product": {
                  "name": "libpolkit0-32bit-0.116-3.3.1.x86_64",
                  "product_id": "libpolkit0-32bit-0.116-3.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "polkit-0.116-3.3.1.x86_64",
                "product": {
                  "name": "polkit-0.116-3.3.1.x86_64",
                  "product_id": "polkit-0.116-3.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "polkit-devel-0.116-3.3.1.x86_64",
                "product": {
                  "name": "polkit-devel-0.116-3.3.1.x86_64",
                  "product_id": "polkit-devel-0.116-3.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-Polkit-1_0-0.116-3.3.1.x86_64",
                "product": {
                  "name": "typelib-1_0-Polkit-1_0-0.116-3.3.1.x86_64",
                  "product_id": "typelib-1_0-Polkit-1_0-0.116-3.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.3",
                "product": {
                  "name": "openSUSE Leap 15.3",
                  "product_id": "openSUSE Leap 15.3",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.3"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpolkit0-0.116-3.3.1.aarch64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:libpolkit0-0.116-3.3.1.aarch64"
        },
        "product_reference": "libpolkit0-0.116-3.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpolkit0-0.116-3.3.1.ppc64le as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:libpolkit0-0.116-3.3.1.ppc64le"
        },
        "product_reference": "libpolkit0-0.116-3.3.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpolkit0-0.116-3.3.1.s390x as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:libpolkit0-0.116-3.3.1.s390x"
        },
        "product_reference": "libpolkit0-0.116-3.3.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpolkit0-0.116-3.3.1.x86_64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:libpolkit0-0.116-3.3.1.x86_64"
        },
        "product_reference": "libpolkit0-0.116-3.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpolkit0-32bit-0.116-3.3.1.x86_64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:libpolkit0-32bit-0.116-3.3.1.x86_64"
        },
        "product_reference": "libpolkit0-32bit-0.116-3.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "polkit-0.116-3.3.1.aarch64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:polkit-0.116-3.3.1.aarch64"
        },
        "product_reference": "polkit-0.116-3.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "polkit-0.116-3.3.1.ppc64le as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:polkit-0.116-3.3.1.ppc64le"
        },
        "product_reference": "polkit-0.116-3.3.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "polkit-0.116-3.3.1.s390x as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:polkit-0.116-3.3.1.s390x"
        },
        "product_reference": "polkit-0.116-3.3.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "polkit-0.116-3.3.1.x86_64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:polkit-0.116-3.3.1.x86_64"
        },
        "product_reference": "polkit-0.116-3.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "polkit-devel-0.116-3.3.1.aarch64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:polkit-devel-0.116-3.3.1.aarch64"
        },
        "product_reference": "polkit-devel-0.116-3.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "polkit-devel-0.116-3.3.1.ppc64le as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:polkit-devel-0.116-3.3.1.ppc64le"
        },
        "product_reference": "polkit-devel-0.116-3.3.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "polkit-devel-0.116-3.3.1.s390x as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:polkit-devel-0.116-3.3.1.s390x"
        },
        "product_reference": "polkit-devel-0.116-3.3.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "polkit-devel-0.116-3.3.1.x86_64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:polkit-devel-0.116-3.3.1.x86_64"
        },
        "product_reference": "polkit-devel-0.116-3.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "polkit-doc-0.116-3.3.1.noarch as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:polkit-doc-0.116-3.3.1.noarch"
        },
        "product_reference": "polkit-doc-0.116-3.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "typelib-1_0-Polkit-1_0-0.116-3.3.1.aarch64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:typelib-1_0-Polkit-1_0-0.116-3.3.1.aarch64"
        },
        "product_reference": "typelib-1_0-Polkit-1_0-0.116-3.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "typelib-1_0-Polkit-1_0-0.116-3.3.1.ppc64le as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:typelib-1_0-Polkit-1_0-0.116-3.3.1.ppc64le"
        },
        "product_reference": "typelib-1_0-Polkit-1_0-0.116-3.3.1.ppc64le",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "typelib-1_0-Polkit-1_0-0.116-3.3.1.s390x as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:typelib-1_0-Polkit-1_0-0.116-3.3.1.s390x"
        },
        "product_reference": "typelib-1_0-Polkit-1_0-0.116-3.3.1.s390x",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "typelib-1_0-Polkit-1_0-0.116-3.3.1.x86_64 as component of openSUSE Leap 15.3",
          "product_id": "openSUSE Leap 15.3:typelib-1_0-Polkit-1_0-0.116-3.3.1.x86_64"
        },
        "product_reference": "typelib-1_0-Polkit-1_0-0.116-3.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.3"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2021-3560",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-3560"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Leap 15.3:libpolkit0-0.116-3.3.1.aarch64",
          "openSUSE Leap 15.3:libpolkit0-0.116-3.3.1.ppc64le",
          "openSUSE Leap 15.3:libpolkit0-0.116-3.3.1.s390x",
          "openSUSE Leap 15.3:libpolkit0-0.116-3.3.1.x86_64",
          "openSUSE Leap 15.3:libpolkit0-32bit-0.116-3.3.1.x86_64",
          "openSUSE Leap 15.3:polkit-0.116-3.3.1.aarch64",
          "openSUSE Leap 15.3:polkit-0.116-3.3.1.ppc64le",
          "openSUSE Leap 15.3:polkit-0.116-3.3.1.s390x",
          "openSUSE Leap 15.3:polkit-0.116-3.3.1.x86_64",
          "openSUSE Leap 15.3:polkit-devel-0.116-3.3.1.aarch64",
          "openSUSE Leap 15.3:polkit-devel-0.116-3.3.1.ppc64le",
          "openSUSE Leap 15.3:polkit-devel-0.116-3.3.1.s390x",
          "openSUSE Leap 15.3:polkit-devel-0.116-3.3.1.x86_64",
          "openSUSE Leap 15.3:polkit-doc-0.116-3.3.1.noarch",
          "openSUSE Leap 15.3:typelib-1_0-Polkit-1_0-0.116-3.3.1.aarch64",
          "openSUSE Leap 15.3:typelib-1_0-Polkit-1_0-0.116-3.3.1.ppc64le",
          "openSUSE Leap 15.3:typelib-1_0-Polkit-1_0-0.116-3.3.1.s390x",
          "openSUSE Leap 15.3:typelib-1_0-Polkit-1_0-0.116-3.3.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-3560",
          "url": "https://www.suse.com/security/cve/CVE-2021-3560"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1186497 for CVE-2021-3560",
          "url": "https://bugzilla.suse.com/1186497"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Leap 15.3:libpolkit0-0.116-3.3.1.aarch64",
            "openSUSE Leap 15.3:libpolkit0-0.116-3.3.1.ppc64le",
            "openSUSE Leap 15.3:libpolkit0-0.116-3.3.1.s390x",
            "openSUSE Leap 15.3:libpolkit0-0.116-3.3.1.x86_64",
            "openSUSE Leap 15.3:libpolkit0-32bit-0.116-3.3.1.x86_64",
            "openSUSE Leap 15.3:polkit-0.116-3.3.1.aarch64",
            "openSUSE Leap 15.3:polkit-0.116-3.3.1.ppc64le",
            "openSUSE Leap 15.3:polkit-0.116-3.3.1.s390x",
            "openSUSE Leap 15.3:polkit-0.116-3.3.1.x86_64",
            "openSUSE Leap 15.3:polkit-devel-0.116-3.3.1.aarch64",
            "openSUSE Leap 15.3:polkit-devel-0.116-3.3.1.ppc64le",
            "openSUSE Leap 15.3:polkit-devel-0.116-3.3.1.s390x",
            "openSUSE Leap 15.3:polkit-devel-0.116-3.3.1.x86_64",
            "openSUSE Leap 15.3:polkit-doc-0.116-3.3.1.noarch",
            "openSUSE Leap 15.3:typelib-1_0-Polkit-1_0-0.116-3.3.1.aarch64",
            "openSUSE Leap 15.3:typelib-1_0-Polkit-1_0-0.116-3.3.1.ppc64le",
            "openSUSE Leap 15.3:typelib-1_0-Polkit-1_0-0.116-3.3.1.s390x",
            "openSUSE Leap 15.3:typelib-1_0-Polkit-1_0-0.116-3.3.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Leap 15.3:libpolkit0-0.116-3.3.1.aarch64",
            "openSUSE Leap 15.3:libpolkit0-0.116-3.3.1.ppc64le",
            "openSUSE Leap 15.3:libpolkit0-0.116-3.3.1.s390x",
            "openSUSE Leap 15.3:libpolkit0-0.116-3.3.1.x86_64",
            "openSUSE Leap 15.3:libpolkit0-32bit-0.116-3.3.1.x86_64",
            "openSUSE Leap 15.3:polkit-0.116-3.3.1.aarch64",
            "openSUSE Leap 15.3:polkit-0.116-3.3.1.ppc64le",
            "openSUSE Leap 15.3:polkit-0.116-3.3.1.s390x",
            "openSUSE Leap 15.3:polkit-0.116-3.3.1.x86_64",
            "openSUSE Leap 15.3:polkit-devel-0.116-3.3.1.aarch64",
            "openSUSE Leap 15.3:polkit-devel-0.116-3.3.1.ppc64le",
            "openSUSE Leap 15.3:polkit-devel-0.116-3.3.1.s390x",
            "openSUSE Leap 15.3:polkit-devel-0.116-3.3.1.x86_64",
            "openSUSE Leap 15.3:polkit-doc-0.116-3.3.1.noarch",
            "openSUSE Leap 15.3:typelib-1_0-Polkit-1_0-0.116-3.3.1.aarch64",
            "openSUSE Leap 15.3:typelib-1_0-Polkit-1_0-0.116-3.3.1.ppc64le",
            "openSUSE Leap 15.3:typelib-1_0-Polkit-1_0-0.116-3.3.1.s390x",
            "openSUSE Leap 15.3:typelib-1_0-Polkit-1_0-0.116-3.3.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2021-07-11T12:11:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-3560"
    }
  ]
}

OPENSUSE-SU-2024:11180-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

libpolkit0-0.118-7.2 on GA media

Severity

Moderate

Notes

Title of the patch: libpolkit0-0.118-7.2 on GA media

Description of the patch: These are all security issues fixed in the libpolkit0-0.118-7.2 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-11180

CVE-2018-1116

3.3 (Low)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Affected products

Recommended 24 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libpolkit0-0.118-7.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libpolkit0-0.118-7.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libpolkit0-0.118-7.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libpolkit0-0.118-7.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-0.118-7.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-0.118-7.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-0.118-7.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-0.118-7.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-devel-0.118-7.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-devel-0.118-7.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-devel-0.118-7.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-devel-0.118-7.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-doc-0.118-7.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-doc-0.118-7.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-doc-0.118-7.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-doc-0.118-7.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.x86_64	—	Vendor Fix

Threats

Impact low

CVE-2018-19788

5.6 (Medium)


                        
                          CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H

Affected products

Recommended 24 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libpolkit0-0.118-7.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libpolkit0-0.118-7.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libpolkit0-0.118-7.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libpolkit0-0.118-7.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-0.118-7.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-0.118-7.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-0.118-7.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-0.118-7.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-devel-0.118-7.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-devel-0.118-7.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-devel-0.118-7.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-devel-0.118-7.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-doc-0.118-7.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-doc-0.118-7.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-doc-0.118-7.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-doc-0.118-7.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2019-6133

6.7 (Medium)


                        
                          CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H

Affected products

Recommended 24 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libpolkit0-0.118-7.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libpolkit0-0.118-7.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libpolkit0-0.118-7.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libpolkit0-0.118-7.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-0.118-7.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-0.118-7.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-0.118-7.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-0.118-7.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-devel-0.118-7.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-devel-0.118-7.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-devel-0.118-7.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-devel-0.118-7.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-doc-0.118-7.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-doc-0.118-7.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-doc-0.118-7.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-doc-0.118-7.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2021-3560

8.4 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected products

Recommended 24 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:libpolkit0-0.118-7.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libpolkit0-0.118-7.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libpolkit0-0.118-7.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libpolkit0-0.118-7.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-0.118-7.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-0.118-7.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-0.118-7.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-0.118-7.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-devel-0.118-7.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-devel-0.118-7.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-devel-0.118-7.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-devel-0.118-7.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-doc-0.118-7.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-doc-0.118-7.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-doc-0.118-7.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:polkit-doc-0.118-7.2.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.x86_64	—	Vendor Fix

Threats

Impact important

References

19 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2018-1116/	self
https://www.suse.com/security/cve/CVE-2018-19788/	self
https://www.suse.com/security/cve/CVE-2019-6133/	self
https://www.suse.com/security/cve/CVE-2021-3560/	self
https://www.suse.com/security/cve/CVE-2018-1116	external
https://bugzilla.suse.com/1099031	external
https://www.suse.com/security/cve/CVE-2018-19788	external
https://bugzilla.suse.com/1118274	external
https://bugzilla.suse.com/1118277	external
https://bugzilla.suse.com/1119056	external
https://bugzilla.suse.com/1126909	external
https://www.suse.com/security/cve/CVE-2019-6133	external
https://bugzilla.suse.com/1070943	external
https://bugzilla.suse.com/1121826	external
https://bugzilla.suse.com/1121872	external
https://www.suse.com/security/cve/CVE-2021-3560	external
https://bugzilla.suse.com/1186497	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "libpolkit0-0.118-7.2 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the libpolkit0-0.118-7.2 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-11180",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11180-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-1116 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-1116/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2018-19788 page",
        "url": "https://www.suse.com/security/cve/CVE-2018-19788/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2019-6133 page",
        "url": "https://www.suse.com/security/cve/CVE-2019-6133/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2021-3560 page",
        "url": "https://www.suse.com/security/cve/CVE-2021-3560/"
      }
    ],
    "title": "libpolkit0-0.118-7.2 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:11180-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpolkit0-0.118-7.2.aarch64",
                "product": {
                  "name": "libpolkit0-0.118-7.2.aarch64",
                  "product_id": "libpolkit0-0.118-7.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libpolkit0-32bit-0.118-7.2.aarch64",
                "product": {
                  "name": "libpolkit0-32bit-0.118-7.2.aarch64",
                  "product_id": "libpolkit0-32bit-0.118-7.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "polkit-0.118-7.2.aarch64",
                "product": {
                  "name": "polkit-0.118-7.2.aarch64",
                  "product_id": "polkit-0.118-7.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "polkit-devel-0.118-7.2.aarch64",
                "product": {
                  "name": "polkit-devel-0.118-7.2.aarch64",
                  "product_id": "polkit-devel-0.118-7.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "polkit-doc-0.118-7.2.aarch64",
                "product": {
                  "name": "polkit-doc-0.118-7.2.aarch64",
                  "product_id": "polkit-doc-0.118-7.2.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-Polkit-1_0-0.118-7.2.aarch64",
                "product": {
                  "name": "typelib-1_0-Polkit-1_0-0.118-7.2.aarch64",
                  "product_id": "typelib-1_0-Polkit-1_0-0.118-7.2.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpolkit0-0.118-7.2.ppc64le",
                "product": {
                  "name": "libpolkit0-0.118-7.2.ppc64le",
                  "product_id": "libpolkit0-0.118-7.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "libpolkit0-32bit-0.118-7.2.ppc64le",
                "product": {
                  "name": "libpolkit0-32bit-0.118-7.2.ppc64le",
                  "product_id": "libpolkit0-32bit-0.118-7.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "polkit-0.118-7.2.ppc64le",
                "product": {
                  "name": "polkit-0.118-7.2.ppc64le",
                  "product_id": "polkit-0.118-7.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "polkit-devel-0.118-7.2.ppc64le",
                "product": {
                  "name": "polkit-devel-0.118-7.2.ppc64le",
                  "product_id": "polkit-devel-0.118-7.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "polkit-doc-0.118-7.2.ppc64le",
                "product": {
                  "name": "polkit-doc-0.118-7.2.ppc64le",
                  "product_id": "polkit-doc-0.118-7.2.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-Polkit-1_0-0.118-7.2.ppc64le",
                "product": {
                  "name": "typelib-1_0-Polkit-1_0-0.118-7.2.ppc64le",
                  "product_id": "typelib-1_0-Polkit-1_0-0.118-7.2.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpolkit0-0.118-7.2.s390x",
                "product": {
                  "name": "libpolkit0-0.118-7.2.s390x",
                  "product_id": "libpolkit0-0.118-7.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "libpolkit0-32bit-0.118-7.2.s390x",
                "product": {
                  "name": "libpolkit0-32bit-0.118-7.2.s390x",
                  "product_id": "libpolkit0-32bit-0.118-7.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "polkit-0.118-7.2.s390x",
                "product": {
                  "name": "polkit-0.118-7.2.s390x",
                  "product_id": "polkit-0.118-7.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "polkit-devel-0.118-7.2.s390x",
                "product": {
                  "name": "polkit-devel-0.118-7.2.s390x",
                  "product_id": "polkit-devel-0.118-7.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "polkit-doc-0.118-7.2.s390x",
                "product": {
                  "name": "polkit-doc-0.118-7.2.s390x",
                  "product_id": "polkit-doc-0.118-7.2.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-Polkit-1_0-0.118-7.2.s390x",
                "product": {
                  "name": "typelib-1_0-Polkit-1_0-0.118-7.2.s390x",
                  "product_id": "typelib-1_0-Polkit-1_0-0.118-7.2.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libpolkit0-0.118-7.2.x86_64",
                "product": {
                  "name": "libpolkit0-0.118-7.2.x86_64",
                  "product_id": "libpolkit0-0.118-7.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libpolkit0-32bit-0.118-7.2.x86_64",
                "product": {
                  "name": "libpolkit0-32bit-0.118-7.2.x86_64",
                  "product_id": "libpolkit0-32bit-0.118-7.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "polkit-0.118-7.2.x86_64",
                "product": {
                  "name": "polkit-0.118-7.2.x86_64",
                  "product_id": "polkit-0.118-7.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "polkit-devel-0.118-7.2.x86_64",
                "product": {
                  "name": "polkit-devel-0.118-7.2.x86_64",
                  "product_id": "polkit-devel-0.118-7.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "polkit-doc-0.118-7.2.x86_64",
                "product": {
                  "name": "polkit-doc-0.118-7.2.x86_64",
                  "product_id": "polkit-doc-0.118-7.2.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "typelib-1_0-Polkit-1_0-0.118-7.2.x86_64",
                "product": {
                  "name": "typelib-1_0-Polkit-1_0-0.118-7.2.x86_64",
                  "product_id": "typelib-1_0-Polkit-1_0-0.118-7.2.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpolkit0-0.118-7.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libpolkit0-0.118-7.2.aarch64"
        },
        "product_reference": "libpolkit0-0.118-7.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpolkit0-0.118-7.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libpolkit0-0.118-7.2.ppc64le"
        },
        "product_reference": "libpolkit0-0.118-7.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpolkit0-0.118-7.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libpolkit0-0.118-7.2.s390x"
        },
        "product_reference": "libpolkit0-0.118-7.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpolkit0-0.118-7.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libpolkit0-0.118-7.2.x86_64"
        },
        "product_reference": "libpolkit0-0.118-7.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpolkit0-32bit-0.118-7.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.aarch64"
        },
        "product_reference": "libpolkit0-32bit-0.118-7.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpolkit0-32bit-0.118-7.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.ppc64le"
        },
        "product_reference": "libpolkit0-32bit-0.118-7.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpolkit0-32bit-0.118-7.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.s390x"
        },
        "product_reference": "libpolkit0-32bit-0.118-7.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libpolkit0-32bit-0.118-7.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.x86_64"
        },
        "product_reference": "libpolkit0-32bit-0.118-7.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "polkit-0.118-7.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:polkit-0.118-7.2.aarch64"
        },
        "product_reference": "polkit-0.118-7.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "polkit-0.118-7.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:polkit-0.118-7.2.ppc64le"
        },
        "product_reference": "polkit-0.118-7.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "polkit-0.118-7.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:polkit-0.118-7.2.s390x"
        },
        "product_reference": "polkit-0.118-7.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "polkit-0.118-7.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:polkit-0.118-7.2.x86_64"
        },
        "product_reference": "polkit-0.118-7.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "polkit-devel-0.118-7.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:polkit-devel-0.118-7.2.aarch64"
        },
        "product_reference": "polkit-devel-0.118-7.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "polkit-devel-0.118-7.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:polkit-devel-0.118-7.2.ppc64le"
        },
        "product_reference": "polkit-devel-0.118-7.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "polkit-devel-0.118-7.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:polkit-devel-0.118-7.2.s390x"
        },
        "product_reference": "polkit-devel-0.118-7.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "polkit-devel-0.118-7.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:polkit-devel-0.118-7.2.x86_64"
        },
        "product_reference": "polkit-devel-0.118-7.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "polkit-doc-0.118-7.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:polkit-doc-0.118-7.2.aarch64"
        },
        "product_reference": "polkit-doc-0.118-7.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "polkit-doc-0.118-7.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:polkit-doc-0.118-7.2.ppc64le"
        },
        "product_reference": "polkit-doc-0.118-7.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "polkit-doc-0.118-7.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:polkit-doc-0.118-7.2.s390x"
        },
        "product_reference": "polkit-doc-0.118-7.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "polkit-doc-0.118-7.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:polkit-doc-0.118-7.2.x86_64"
        },
        "product_reference": "polkit-doc-0.118-7.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "typelib-1_0-Polkit-1_0-0.118-7.2.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.aarch64"
        },
        "product_reference": "typelib-1_0-Polkit-1_0-0.118-7.2.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "typelib-1_0-Polkit-1_0-0.118-7.2.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.ppc64le"
        },
        "product_reference": "typelib-1_0-Polkit-1_0-0.118-7.2.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "typelib-1_0-Polkit-1_0-0.118-7.2.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.s390x"
        },
        "product_reference": "typelib-1_0-Polkit-1_0-0.118-7.2.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "typelib-1_0-Polkit-1_0-0.118-7.2.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.x86_64"
        },
        "product_reference": "typelib-1_0-Polkit-1_0-0.118-7.2.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2018-1116",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-1116"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in polkit before version 0.116. The implementation of the polkit_backend_interactive_authority_check_authorization function in polkitd allows to test for authentication and trigger authentication of unrelated processes owned by other users. This may result in a local DoS and information disclosure.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libpolkit0-0.118-7.2.aarch64",
          "openSUSE Tumbleweed:libpolkit0-0.118-7.2.ppc64le",
          "openSUSE Tumbleweed:libpolkit0-0.118-7.2.s390x",
          "openSUSE Tumbleweed:libpolkit0-0.118-7.2.x86_64",
          "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.aarch64",
          "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.ppc64le",
          "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.s390x",
          "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.x86_64",
          "openSUSE Tumbleweed:polkit-0.118-7.2.aarch64",
          "openSUSE Tumbleweed:polkit-0.118-7.2.ppc64le",
          "openSUSE Tumbleweed:polkit-0.118-7.2.s390x",
          "openSUSE Tumbleweed:polkit-0.118-7.2.x86_64",
          "openSUSE Tumbleweed:polkit-devel-0.118-7.2.aarch64",
          "openSUSE Tumbleweed:polkit-devel-0.118-7.2.ppc64le",
          "openSUSE Tumbleweed:polkit-devel-0.118-7.2.s390x",
          "openSUSE Tumbleweed:polkit-devel-0.118-7.2.x86_64",
          "openSUSE Tumbleweed:polkit-doc-0.118-7.2.aarch64",
          "openSUSE Tumbleweed:polkit-doc-0.118-7.2.ppc64le",
          "openSUSE Tumbleweed:polkit-doc-0.118-7.2.s390x",
          "openSUSE Tumbleweed:polkit-doc-0.118-7.2.x86_64",
          "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.aarch64",
          "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.ppc64le",
          "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.s390x",
          "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-1116",
          "url": "https://www.suse.com/security/cve/CVE-2018-1116"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1099031 for CVE-2018-1116",
          "url": "https://bugzilla.suse.com/1099031"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libpolkit0-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:libpolkit0-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:libpolkit0-0.118-7.2.s390x",
            "openSUSE Tumbleweed:libpolkit0-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.s390x",
            "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:polkit-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:polkit-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:polkit-0.118-7.2.s390x",
            "openSUSE Tumbleweed:polkit-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:polkit-devel-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:polkit-devel-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:polkit-devel-0.118-7.2.s390x",
            "openSUSE Tumbleweed:polkit-devel-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:polkit-doc-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:polkit-doc-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:polkit-doc-0.118-7.2.s390x",
            "openSUSE Tumbleweed:polkit-doc-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.s390x",
            "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.3,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libpolkit0-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:libpolkit0-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:libpolkit0-0.118-7.2.s390x",
            "openSUSE Tumbleweed:libpolkit0-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.s390x",
            "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:polkit-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:polkit-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:polkit-0.118-7.2.s390x",
            "openSUSE Tumbleweed:polkit-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:polkit-devel-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:polkit-devel-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:polkit-devel-0.118-7.2.s390x",
            "openSUSE Tumbleweed:polkit-devel-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:polkit-doc-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:polkit-doc-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:polkit-doc-0.118-7.2.s390x",
            "openSUSE Tumbleweed:polkit-doc-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.s390x",
            "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "low"
        }
      ],
      "title": "CVE-2018-1116"
    },
    {
      "cve": "CVE-2018-19788",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2018-19788"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "A flaw was found in PolicyKit (aka polkit) 0.115 that allows a user with a uid greater than INT_MAX to successfully execute any systemctl command.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libpolkit0-0.118-7.2.aarch64",
          "openSUSE Tumbleweed:libpolkit0-0.118-7.2.ppc64le",
          "openSUSE Tumbleweed:libpolkit0-0.118-7.2.s390x",
          "openSUSE Tumbleweed:libpolkit0-0.118-7.2.x86_64",
          "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.aarch64",
          "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.ppc64le",
          "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.s390x",
          "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.x86_64",
          "openSUSE Tumbleweed:polkit-0.118-7.2.aarch64",
          "openSUSE Tumbleweed:polkit-0.118-7.2.ppc64le",
          "openSUSE Tumbleweed:polkit-0.118-7.2.s390x",
          "openSUSE Tumbleweed:polkit-0.118-7.2.x86_64",
          "openSUSE Tumbleweed:polkit-devel-0.118-7.2.aarch64",
          "openSUSE Tumbleweed:polkit-devel-0.118-7.2.ppc64le",
          "openSUSE Tumbleweed:polkit-devel-0.118-7.2.s390x",
          "openSUSE Tumbleweed:polkit-devel-0.118-7.2.x86_64",
          "openSUSE Tumbleweed:polkit-doc-0.118-7.2.aarch64",
          "openSUSE Tumbleweed:polkit-doc-0.118-7.2.ppc64le",
          "openSUSE Tumbleweed:polkit-doc-0.118-7.2.s390x",
          "openSUSE Tumbleweed:polkit-doc-0.118-7.2.x86_64",
          "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.aarch64",
          "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.ppc64le",
          "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.s390x",
          "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2018-19788",
          "url": "https://www.suse.com/security/cve/CVE-2018-19788"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1118274 for CVE-2018-19788",
          "url": "https://bugzilla.suse.com/1118274"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1118277 for CVE-2018-19788",
          "url": "https://bugzilla.suse.com/1118277"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1119056 for CVE-2018-19788",
          "url": "https://bugzilla.suse.com/1119056"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1126909 for CVE-2018-19788",
          "url": "https://bugzilla.suse.com/1126909"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libpolkit0-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:libpolkit0-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:libpolkit0-0.118-7.2.s390x",
            "openSUSE Tumbleweed:libpolkit0-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.s390x",
            "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:polkit-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:polkit-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:polkit-0.118-7.2.s390x",
            "openSUSE Tumbleweed:polkit-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:polkit-devel-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:polkit-devel-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:polkit-devel-0.118-7.2.s390x",
            "openSUSE Tumbleweed:polkit-devel-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:polkit-doc-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:polkit-doc-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:polkit-doc-0.118-7.2.s390x",
            "openSUSE Tumbleweed:polkit-doc-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.s390x",
            "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.6,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libpolkit0-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:libpolkit0-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:libpolkit0-0.118-7.2.s390x",
            "openSUSE Tumbleweed:libpolkit0-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.s390x",
            "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:polkit-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:polkit-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:polkit-0.118-7.2.s390x",
            "openSUSE Tumbleweed:polkit-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:polkit-devel-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:polkit-devel-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:polkit-devel-0.118-7.2.s390x",
            "openSUSE Tumbleweed:polkit-devel-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:polkit-doc-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:polkit-doc-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:polkit-doc-0.118-7.2.s390x",
            "openSUSE Tumbleweed:polkit-doc-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.s390x",
            "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2018-19788"
    },
    {
      "cve": "CVE-2019-6133",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2019-6133"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "In PolicyKit (aka polkit) 0.115, the \"start time\" protection mechanism can be bypassed because fork() is not atomic, and therefore authorization decisions are improperly cached. This is related to lack of uid checking in polkitbackend/polkitbackendinteractiveauthority.c.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libpolkit0-0.118-7.2.aarch64",
          "openSUSE Tumbleweed:libpolkit0-0.118-7.2.ppc64le",
          "openSUSE Tumbleweed:libpolkit0-0.118-7.2.s390x",
          "openSUSE Tumbleweed:libpolkit0-0.118-7.2.x86_64",
          "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.aarch64",
          "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.ppc64le",
          "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.s390x",
          "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.x86_64",
          "openSUSE Tumbleweed:polkit-0.118-7.2.aarch64",
          "openSUSE Tumbleweed:polkit-0.118-7.2.ppc64le",
          "openSUSE Tumbleweed:polkit-0.118-7.2.s390x",
          "openSUSE Tumbleweed:polkit-0.118-7.2.x86_64",
          "openSUSE Tumbleweed:polkit-devel-0.118-7.2.aarch64",
          "openSUSE Tumbleweed:polkit-devel-0.118-7.2.ppc64le",
          "openSUSE Tumbleweed:polkit-devel-0.118-7.2.s390x",
          "openSUSE Tumbleweed:polkit-devel-0.118-7.2.x86_64",
          "openSUSE Tumbleweed:polkit-doc-0.118-7.2.aarch64",
          "openSUSE Tumbleweed:polkit-doc-0.118-7.2.ppc64le",
          "openSUSE Tumbleweed:polkit-doc-0.118-7.2.s390x",
          "openSUSE Tumbleweed:polkit-doc-0.118-7.2.x86_64",
          "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.aarch64",
          "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.ppc64le",
          "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.s390x",
          "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2019-6133",
          "url": "https://www.suse.com/security/cve/CVE-2019-6133"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1070943 for CVE-2019-6133",
          "url": "https://bugzilla.suse.com/1070943"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1121826 for CVE-2019-6133",
          "url": "https://bugzilla.suse.com/1121826"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1121872 for CVE-2019-6133",
          "url": "https://bugzilla.suse.com/1121872"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libpolkit0-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:libpolkit0-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:libpolkit0-0.118-7.2.s390x",
            "openSUSE Tumbleweed:libpolkit0-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.s390x",
            "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:polkit-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:polkit-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:polkit-0.118-7.2.s390x",
            "openSUSE Tumbleweed:polkit-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:polkit-devel-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:polkit-devel-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:polkit-devel-0.118-7.2.s390x",
            "openSUSE Tumbleweed:polkit-devel-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:polkit-doc-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:polkit-doc-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:polkit-doc-0.118-7.2.s390x",
            "openSUSE Tumbleweed:polkit-doc-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.s390x",
            "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.7,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.0"
          },
          "products": [
            "openSUSE Tumbleweed:libpolkit0-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:libpolkit0-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:libpolkit0-0.118-7.2.s390x",
            "openSUSE Tumbleweed:libpolkit0-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.s390x",
            "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:polkit-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:polkit-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:polkit-0.118-7.2.s390x",
            "openSUSE Tumbleweed:polkit-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:polkit-devel-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:polkit-devel-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:polkit-devel-0.118-7.2.s390x",
            "openSUSE Tumbleweed:polkit-devel-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:polkit-doc-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:polkit-doc-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:polkit-doc-0.118-7.2.s390x",
            "openSUSE Tumbleweed:polkit-doc-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.s390x",
            "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2019-6133"
    },
    {
      "cve": "CVE-2021-3560",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2021-3560"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "It was found that polkit could be tricked into bypassing the credential checks for D-Bus requests, elevating the privileges of the requestor to the root user. This flaw could be used by an unprivileged local attacker to, for example, create a new local administrator. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:libpolkit0-0.118-7.2.aarch64",
          "openSUSE Tumbleweed:libpolkit0-0.118-7.2.ppc64le",
          "openSUSE Tumbleweed:libpolkit0-0.118-7.2.s390x",
          "openSUSE Tumbleweed:libpolkit0-0.118-7.2.x86_64",
          "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.aarch64",
          "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.ppc64le",
          "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.s390x",
          "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.x86_64",
          "openSUSE Tumbleweed:polkit-0.118-7.2.aarch64",
          "openSUSE Tumbleweed:polkit-0.118-7.2.ppc64le",
          "openSUSE Tumbleweed:polkit-0.118-7.2.s390x",
          "openSUSE Tumbleweed:polkit-0.118-7.2.x86_64",
          "openSUSE Tumbleweed:polkit-devel-0.118-7.2.aarch64",
          "openSUSE Tumbleweed:polkit-devel-0.118-7.2.ppc64le",
          "openSUSE Tumbleweed:polkit-devel-0.118-7.2.s390x",
          "openSUSE Tumbleweed:polkit-devel-0.118-7.2.x86_64",
          "openSUSE Tumbleweed:polkit-doc-0.118-7.2.aarch64",
          "openSUSE Tumbleweed:polkit-doc-0.118-7.2.ppc64le",
          "openSUSE Tumbleweed:polkit-doc-0.118-7.2.s390x",
          "openSUSE Tumbleweed:polkit-doc-0.118-7.2.x86_64",
          "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.aarch64",
          "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.ppc64le",
          "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.s390x",
          "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2021-3560",
          "url": "https://www.suse.com/security/cve/CVE-2021-3560"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1186497 for CVE-2021-3560",
          "url": "https://bugzilla.suse.com/1186497"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:libpolkit0-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:libpolkit0-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:libpolkit0-0.118-7.2.s390x",
            "openSUSE Tumbleweed:libpolkit0-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.s390x",
            "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:polkit-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:polkit-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:polkit-0.118-7.2.s390x",
            "openSUSE Tumbleweed:polkit-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:polkit-devel-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:polkit-devel-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:polkit-devel-0.118-7.2.s390x",
            "openSUSE Tumbleweed:polkit-devel-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:polkit-doc-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:polkit-doc-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:polkit-doc-0.118-7.2.s390x",
            "openSUSE Tumbleweed:polkit-doc-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.s390x",
            "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 8.4,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "openSUSE Tumbleweed:libpolkit0-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:libpolkit0-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:libpolkit0-0.118-7.2.s390x",
            "openSUSE Tumbleweed:libpolkit0-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.s390x",
            "openSUSE Tumbleweed:libpolkit0-32bit-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:polkit-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:polkit-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:polkit-0.118-7.2.s390x",
            "openSUSE Tumbleweed:polkit-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:polkit-devel-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:polkit-devel-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:polkit-devel-0.118-7.2.s390x",
            "openSUSE Tumbleweed:polkit-devel-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:polkit-doc-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:polkit-doc-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:polkit-doc-0.118-7.2.s390x",
            "openSUSE Tumbleweed:polkit-doc-0.118-7.2.x86_64",
            "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.aarch64",
            "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.ppc64le",
            "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.s390x",
            "openSUSE Tumbleweed:typelib-1_0-Polkit-1_0-0.118-7.2.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "important"
        }
      ],
      "title": "CVE-2021-3560"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-3560 (GCVE-0-2021-3560)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Vendor Report Successful Exploitation Confidence: 80% Source: cisa-kev

Details

References

Solution

Solution

Tags

Sightings

Nomenclature