
6 vulnerabilities by bareos

CVE-2024-45044 (GCVE-0-2024-45044)

Vulnerability from cvelistv5 – Published: 2024-09-10 14:57 – Updated: 2024-09-10 19:23
Title
Bareos's negative command ACLs can be circumvented by abbreviating commands
Summary
Bareos is open source software for backup, archiving, and recovery of data for operating systems. When a command ACL is in place and a user executes a command in bconsole using an abbreviation (e.g. "w" for "whoami"), the ACL check was applied to the abbreviated form (e.g. "w") rather than to the full command name (e.g. "whoami"). If the command ACL contains a negative entry intended to forbid the "whoami" command, "w" or "who" could still be executed successfully. Fixes for the problem are shipped in Bareos versions 23.0.4, 22.1.6 and 21.1.11. Deployments whose command ACLs consist only of positive (allow-list) entries, without any negation, are not affected; until an upgrade is possible, restricting command ACLs to positive entries is therefore an interim mitigation.
CWE
  • CWE-285 - Improper Authorization
Assigner
Impacted products
Vendor Product Version
bareos bareos Affected: >= 23.0.0, < 23.0.4
Affected: >= 22.0.0, < 22.1.6
Affected: < 21.1.11

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:bareos:bareos:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "bareos",
            "vendor": "bareos",
            "versions": [
              {
                "lessThan": "23.0.4",
                "status": "affected",
                "version": "23.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "22.1.6",
                "status": "affected",
                "version": "22.0.0",
                "versionType": "custom"
              },
              {
                "lessThan": "21.1.11",
                "status": "affected",
                "version": "0",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-45044",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-09-10T19:21:00.578548Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-09-10T19:23:58.214Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "bareos",
          "vendor": "bareos",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 23.0.0, \u003c 23.0.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 22.0.0, \u003c 22.1.6"
            },
            {
              "status": "affected",
              "version": "\u003c 21.1.11"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Bareos is open source software for backup, archiving, and recovery of data for operating systems. When a command ACL is in place and a user executes a command in bconsole using an abbreviation (i.e. \"w\" for \"whoami\") the ACL check did not apply to the full form (i.e. \"whoami\") but to the abbreviated form (i.e. \"w\"). If the command ACL is configured with negative ACL that should forbid using the \"whoami\" command, you could still use \"w\" or \"who\" as a command successfully. Fixes for the problem are shipped in Bareos versions 23.0.4, 22.1.6 and 21.1.11. If only positive command ACLs are used without any negation, the problem does not occur."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-285",
              "description": "CWE-285: Improper Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-09-10T14:57:57.464Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/bareos/bareos/security/advisories/GHSA-jfww-q346-r2r8",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/bareos/bareos/security/advisories/GHSA-jfww-q346-r2r8"
        },
        {
          "name": "https://github.com/bareos/bareos/pull/1875",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/bareos/bareos/pull/1875"
        },
        {
          "name": "https://github.com/bareos/bareos/commit/2a026698b87d13bd1c6275726b5e826702f81dd5",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/bareos/bareos/commit/2a026698b87d13bd1c6275726b5e826702f81dd5"
        }
      ],
      "source": {
        "advisory": "GHSA-jfww-q346-r2r8",
        "discovery": "UNKNOWN"
      },
      "title": "Bareos\u0027s negative command ACLs can be circumvented by abbreviating commands"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-45044",
    "datePublished": "2024-09-10T14:57:57.464Z",
    "dateReserved": "2024-08-21T17:53:51.331Z",
    "dateUpdated": "2024-09-10T19:23:58.214Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-24756 (GCVE-0-2022-24756)

Vulnerability from cvelistv5 – Published: 2022-03-15 14:40 – Updated: 2025-04-22 18:18
Title
Missing Release of Memory after Effective Lifetime in Bareos Director
Summary
Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, each failed PAM authentication leaks a small amount of memory. An attacker who can reach the PAM Console (e.g. by knowing the shared secret, or through the WebUI) can flood the Director with failing login attempts, which will eventually exhaust memory and leave the Director non-functional; no valid credentials are required. Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 contain a bug fix for this problem. Users who are unable to upgrade may disable PAM authentication as a workaround.
CWE
  • CWE-401 - Missing Release of Memory after Effective Lifetime
Assigner
Impacted products
Vendor Product Version
bareos bareos Affected: >= 18.2, < 19.2.12
Affected: >= 20.0.0, < 20.0.6
Affected: >= 21.0.0, < 21.1.0

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:20:50.456Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/bareos/bareos/pull/1115"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/bareos/bareos/pull/1119"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/bareos/bareos/pull/1121"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/bareos/bareos/security/advisories/GHSA-jh55-4wgw-xc9j"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-24756",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-22T15:41:51.472279Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-22T18:18:06.913Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "bareos",
          "vendor": "bareos",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 18.2, \u003c 19.2.12"
            },
            {
              "status": "affected",
              "version": "\u003e= 20.0.0, \u003c 20.0.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 21.0.0, \u003c 21.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director \u003e= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, a failed PAM authentication will leak a small amount of memory. An attacker that is able to use the PAM Console (i.e. by knowing the shared secret or via the WebUI) can flood the Director with failing login attempts which will eventually lead to an out-of-memory condition in which the Director will not work anymore. Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 contain a Bugfix for this problem. Users who are unable to upgrade may disable PAM authentication as a workaround."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-401",
              "description": "CWE-401: Missing Release of Memory after Effective Lifetime",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-15T14:40:20.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/bareos/bareos/pull/1115"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/bareos/bareos/pull/1119"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/bareos/bareos/pull/1121"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/bareos/bareos/security/advisories/GHSA-jh55-4wgw-xc9j"
        }
      ],
      "source": {
        "advisory": "GHSA-jh55-4wgw-xc9j",
        "discovery": "UNKNOWN"
      },
      "title": "Missing Release of Memory after Effective Lifetime in Bareos Director",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-24756",
          "STATE": "PUBLIC",
          "TITLE": "Missing Release of Memory after Effective Lifetime in Bareos Director"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "bareos",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 18.2, \u003c 19.2.12"
                          },
                          {
                            "version_value": "\u003e= 20.0.0, \u003c 20.0.6"
                          },
                          {
                            "version_value": "\u003e= 21.0.0, \u003c 21.1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "bareos"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director \u003e= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, a failed PAM authentication will leak a small amount of memory. An attacker that is able to use the PAM Console (i.e. by knowing the shared secret or via the WebUI) can flood the Director with failing login attempts which will eventually lead to an out-of-memory condition in which the Director will not work anymore. Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 contain a Bugfix for this problem. Users who are unable to upgrade may disable PAM authentication as a workaround."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-401: Missing Release of Memory after Effective Lifetime"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/bareos/bareos/pull/1115",
              "refsource": "MISC",
              "url": "https://github.com/bareos/bareos/pull/1115"
            },
            {
              "name": "https://github.com/bareos/bareos/pull/1119",
              "refsource": "MISC",
              "url": "https://github.com/bareos/bareos/pull/1119"
            },
            {
              "name": "https://github.com/bareos/bareos/pull/1121",
              "refsource": "MISC",
              "url": "https://github.com/bareos/bareos/pull/1121"
            },
            {
              "name": "https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/",
              "refsource": "MISC",
              "url": "https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/"
            },
            {
              "name": "https://github.com/bareos/bareos/security/advisories/GHSA-jh55-4wgw-xc9j",
              "refsource": "CONFIRM",
              "url": "https://github.com/bareos/bareos/security/advisories/GHSA-jh55-4wgw-xc9j"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-jh55-4wgw-xc9j",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-24756",
    "datePublished": "2022-03-15T14:40:21.000Z",
    "dateReserved": "2022-02-10T00:00:00.000Z",
    "dateUpdated": "2025-04-22T18:18:06.913Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-24755 (GCVE-0-2022-24755)

Vulnerability from cvelistv5 – Published: 2022-03-15 14:35 – Updated: 2025-04-22 18:18
Title
Incorrect Authorization in Bareos Director
Summary
Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director >= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, it skips authorization checks completely: expired accounts and accounts with expired passwords can still log in. This problem affects all users that have PAM enabled. Affected versions perform only plain authentication (checking that username and password match) and no authorization (e.g. checking for expired or disabled accounts). Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 implement the authorization check that was previously missing. The only workaround is to ensure that authentication itself fails for users who are not authorized, for example by configuring the PAM stack so that disabled or expired accounts cannot authenticate.
CWE
  • CWE-863 - Incorrect Authorization
Assigner
Impacted products
Vendor Product Version
bareos bareos Affected: >= 18.2, < 19.2.12
Affected: >= 20.0.0, < 20.0.6
Affected: >= 21.0.0, < 21.1.0

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T04:20:50.122Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/bareos/bareos/security/advisories/GHSA-4979-8ffj-4q26"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/bareos/bareos/pull/1115"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/bareos/bareos/pull/1119"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/bareos/bareos/pull/1121"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-24755",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-22T15:44:05.468336Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-22T18:18:15.793Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "bareos",
          "vendor": "bareos",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 18.2, \u003c 19.2.12"
            },
            {
              "status": "affected",
              "version": "\u003e= 20.0.0, \u003c 20.0.6"
            },
            {
              "status": "affected",
              "version": "\u003e= 21.0.0, \u003c 21.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director \u003e= 18.2 \u003e= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, it will skip authorization checks completely. Expired accounts and accounts with expired passwords can still login. This problem will affect users that have PAM enabled. Currently there is no authorization (e.g. check for expired or disabled accounts), but only plain authentication (i.e. check if username and password match). Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 implement the authorization check that was previously missing. The only workaround is to make sure that authentication fails if the user is not authorized."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-863",
              "description": "CWE-863: Incorrect Authorization",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-03-15T14:35:13.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/bareos/bareos/security/advisories/GHSA-4979-8ffj-4q26"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/bareos/bareos/pull/1115"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/bareos/bareos/pull/1119"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/bareos/bareos/pull/1121"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/"
        }
      ],
      "source": {
        "advisory": "GHSA-4979-8ffj-4q26",
        "discovery": "UNKNOWN"
      },
      "title": "Incorrect Authorization in Bareos Director",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-24755",
          "STATE": "PUBLIC",
          "TITLE": "Incorrect Authorization in Bareos Director"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "bareos",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003e= 18.2, \u003c 19.2.12"
                          },
                          {
                            "version_value": "\u003e= 20.0.0, \u003c 20.0.6"
                          },
                          {
                            "version_value": "\u003e= 21.0.0, \u003c 21.1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "bareos"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Bareos is open source software for backup, archiving, and recovery of data for operating systems. When Bareos Director \u003e= 18.2 \u003e= 18.2 but prior to 21.1.0, 20.0.6, and 19.2.12 is built and configured for PAM authentication, it will skip authorization checks completely. Expired accounts and accounts with expired passwords can still login. This problem will affect users that have PAM enabled. Currently there is no authorization (e.g. check for expired or disabled accounts), but only plain authentication (i.e. check if username and password match). Bareos Director versions 21.1.0, 20.0.6 and 19.2.12 implement the authorization check that was previously missing. The only workaround is to make sure that authentication fails if the user is not authorized."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-863: Incorrect Authorization"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/bareos/bareos/security/advisories/GHSA-4979-8ffj-4q26",
              "refsource": "CONFIRM",
              "url": "https://github.com/bareos/bareos/security/advisories/GHSA-4979-8ffj-4q26"
            },
            {
              "name": "https://github.com/bareos/bareos/pull/1115",
              "refsource": "MISC",
              "url": "https://github.com/bareos/bareos/pull/1115"
            },
            {
              "name": "https://github.com/bareos/bareos/pull/1119",
              "refsource": "MISC",
              "url": "https://github.com/bareos/bareos/pull/1119"
            },
            {
              "name": "https://github.com/bareos/bareos/pull/1121",
              "refsource": "MISC",
              "url": "https://github.com/bareos/bareos/pull/1121"
            },
            {
              "name": "https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/",
              "refsource": "MISC",
              "url": "https://huntr.dev/bounties/480121f2-bc3c-427e-986e-5acffb1606c5/"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-4979-8ffj-4q26",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-24755",
    "datePublished": "2022-03-15T14:35:13.000Z",
    "dateReserved": "2022-02-10T00:00:00.000Z",
    "dateUpdated": "2025-04-22T18:18:15.793Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-4042 (GCVE-0-2020-4042)

Vulnerability from cvelistv5 – Published: 2020-07-10 19:30 – Updated: 2024-08-04 07:52
Title
Authentication bypass in Bareos
Summary
Bareos versions before 19.2.8 allow a malicious client to communicate with the Director without knowledge of the shared secret, provided the Director allows client-initiated connections and also connects to the client itself. The malicious client can replay the Director's own CRAM-MD5 challenge back to the Director (a reflection attack); the Director answers the reflected challenge, and that answer is then a valid response to the Director's original challenge. This is fixed in version 19.2.8.
CWE
  • CWE-294 - Authentication Bypass by Capture-replay
Assigner
Impacted products
Vendor Product Version
bareos bareos Affected: < 19.2.8

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T07:52:20.708Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/bareos/bareos/security/advisories/GHSA-vqpj-2vhj-h752"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.bareos.org/view.php?id=1250"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "bareos",
          "vendor": "bareos",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 19.2.8"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director\u0027s cram-md5 challenge to the director itself leading to the director responding to the replayed challenge. The response obtained is then a valid reply to the directors original challenge. This is fixed in version 19.2.8."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-294",
              "description": "CWE-294: Authentication Bypass by Capture-replay",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-07-10T19:30:14",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/bareos/bareos/security/advisories/GHSA-vqpj-2vhj-h752"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.bareos.org/view.php?id=1250"
        }
      ],
      "source": {
        "advisory": "GHSA-vqpj-2vhj-h752",
        "discovery": "UNKNOWN"
      },
      "title": "Authentication bypass in Bareos",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-4042",
          "STATE": "PUBLIC",
          "TITLE": "Authentication bypass in Bareos"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "bareos",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 19.2.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "bareos"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director\u0027s cram-md5 challenge to the director itself leading to the director responding to the replayed challenge. The response obtained is then a valid reply to the directors original challenge. This is fixed in version 19.2.8."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 6.8,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-294: Authentication Bypass by Capture-replay"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/bareos/bareos/security/advisories/GHSA-vqpj-2vhj-h752",
              "refsource": "CONFIRM",
              "url": "https://github.com/bareos/bareos/security/advisories/GHSA-vqpj-2vhj-h752"
            },
            {
              "name": "https://bugs.bareos.org/view.php?id=1250",
              "refsource": "MISC",
              "url": "https://bugs.bareos.org/view.php?id=1250"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-vqpj-2vhj-h752",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-4042",
    "datePublished": "2020-07-10T19:30:14",
    "dateReserved": "2019-12-30T00:00:00",
    "dateUpdated": "2024-08-04T07:52:20.708Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2020-11061 (GCVE-0-2020-11061)

Vulnerability from cvelistv5 – Published: 2020-07-10 19:25 – Updated: 2024-08-04 11:21
Title
Heap-based Buffer Overflow in Bareos Director
Summary
In Bareos Director versions up to and including 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10.
CWE
  • CWE-122 - Heap-based Buffer Overflow
Assigner
Impacted products
Vendor Product Version
Bareos GmbH & Co. KG Bareos Director Affected: <= 16.2.10
Affected: <= 17.2.9
Affected: <= 18.2.8
Affected: <= 19.2.7

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T11:21:14.507Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.bareos.org/view.php?id=1210"
          },
          {
            "name": "[debian-lts-announce] 20200829 [SECURITY] [DLA 2353-1] bacula security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00051.html"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "Bareos Director",
          "vendor": "Bareos GmbH \u0026 Co. KG",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c= 16.2.10"
            },
            {
              "status": "affected",
              "version": "\u003c= 17.2.9"
            },
            {
              "status": "affected",
              "version": "\u003c= 18.2.8"
            },
            {
              "status": "affected",
              "version": "\u003c= 19.2.7"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director\u0027s memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122: Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-08-29T23:06:35",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.bareos.org/view.php?id=1210"
        },
        {
          "name": "[debian-lts-announce] 20200829 [SECURITY] [DLA 2353-1] bacula security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00051.html"
        }
      ],
      "source": {
        "advisory": "GHSA-mm45-cg35-54j4",
        "discovery": "UNKNOWN"
      },
      "title": "Heap-based Buffer Overflow in Bareos Director",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2020-11061",
          "STATE": "PUBLIC",
          "TITLE": "Heap-based Buffer Overflow in Bareos Director"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "Bareos Director",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c= 16.2.10"
                          },
                          {
                            "version_value": "\u003c= 17.2.9"
                          },
                          {
                            "version_value": "\u003c= 18.2.8"
                          },
                          {
                            "version_value": "\u003c= 19.2.7"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Bareos GmbH \u0026 Co. KG"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director\u0027s memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in Bareos versions 19.2.8, 18.2.9 and 17.2.10."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-122: Heap-based Buffer Overflow"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4",
              "refsource": "CONFIRM",
              "url": "https://github.com/bareos/bareos/security/advisories/GHSA-mm45-cg35-54j4"
            },
            {
              "name": "https://bugs.bareos.org/view.php?id=1210",
              "refsource": "MISC",
              "url": "https://bugs.bareos.org/view.php?id=1210"
            },
            {
              "name": "[debian-lts-announce] 20200829 [SECURITY] [DLA 2353-1] bacula security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00051.html"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-mm45-cg35-54j4",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2020-11061",
    "datePublished": "2020-07-10T19:25:13",
    "dateReserved": "2020-03-30T00:00:00",
    "dateUpdated": "2024-08-04T11:21:14.507Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2017-14610 (GCVE-0-2017-14610)

Vulnerability from cvelistv5 – Published: 2017-09-20 18:00 – Updated: 2024-09-16 17:32
Summary
bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account to modify the PID file before a root script executes a "kill `cat /pathname`" command.
Severity ?
No CVSS data available.
CWE
  • n/a
Assigner
References

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T19:34:39.463Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.bareos.org/view.php?id=847"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-09-20T18:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.bareos.org/view.php?id=847"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2017-14610",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "bareos-dir, bareos-fd, and bareos-sd in bareos-core in Bareos 16.2.6 and earlier create a PID file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for PID file modification before a root script executes a \"kill `cat /pathname`\" command."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugs.bareos.org/view.php?id=847",
              "refsource": "MISC",
              "url": "https://bugs.bareos.org/view.php?id=847"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2017-14610",
    "datePublished": "2017-09-20T18:00:00Z",
    "dateReserved": "2017-09-20T00:00:00Z",
    "dateUpdated": "2024-09-16T17:32:56.136Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}