Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Go : PAM Authorization Bypass #686

Closed
2 tasks
porcupineyhairs opened this issue Jun 2, 2022 · 2 comments
Closed
2 tasks

Go : PAM Authorization Bypass #686

porcupineyhairs opened this issue Jun 2, 2022 · 2 comments
Labels
The Bug Slayer Submissions to The Bug Slayer bounty

Comments

@porcupineyhairs
Copy link

porcupineyhairs commented Jun 2, 2022
edited
Loading

CVE(s) ID list

Project Current State CVE ID Issue Pull Request
emersion/webpass Fix Merged. CVE Pending   emersion/webpass#10 emersion/webpass#11
nDenerserve/SmartPi Fix Merged. CVE Pending   nDenerserve/SmartPi#120 nDenerserve/SmartPi#121
nethesis/nethvoice-report Fix Merged. CVE Pending     nethesis/nethvoice-report#172
netsec-ethz/scion-apps Fix Merged. CVE Pending   netsec-ethz/scion-apps#228 netsec-ethz/scion-apps#229
rtgnx/PAMAuthd Fix Merged. CVE Pending   rtgnx/PAMAuthd#3 rtgnx/PAMAuthd#4
scusi/spipe Fix Merged. CVE Pending   scusi/spipe#1 scusi/spipe#2

All For One submission

#562

Details

This vulnerability pattern was found in 13 projects. Of these 2 were already reported by someone else. developing a CodeQL query for this issue lead to the discovery of 11 other projects. Of these 11, there are approximately 8 projects were this vulnerability has been fixed.

CVSS Impact

Using this attack vector, an attacker may access otherwise restricted parts of the system. The attack can be used to gain access to confidential files like passwords, login credentials and other secrets. Hence, it has a high impact on confidentiality. It may also be directly used to affect a change on a system resource. Hence has a medium to high impact on integrity. This attack may not be used to affect the availability of the system. Taking this account an appropriate CVSS v3.1 vector would be

AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:L/A:N

This gives it a base score of 7.7/10 and a severity rating of high.

Proof Of detection

LGTM run

Are you planning to discuss this vulnerability submission publicly? (Blog Post, social networks, etc).

  • Yes
  • No

Blog post link

No response
@porcupineyhairs porcupineyhairs added the The Bug Slayer Submissions to The Bug Slayer bounty label Jun 2, 2022
@porcupineyhairs
Copy link
Author

I am closing this in light of the discussion in #669 (comment)

The disclosures in this case were made via public issues. So this ticket is not eligible for claiming a bounty.

@ghsecuritylab
Copy link
Collaborator

Your submission is now in status Closed.

For information, the evaluation workflow is the following:
Initial triage > Test run > Results analysis > Query review > Final decision > Pay > Closed

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
The Bug Slayer Submissions to The Bug Slayer bounty
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@ghsecuritylab @porcupineyhairs