CVE-2024-9312

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-286
View all →

Vulnerability Description

Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges.

Related Vulnerabilities

CVE-2022-45857

HIGH
CVSS:7.5(High)

An incorrect user management vulnerability [CWE-286] in the FortiManager version 6.4.6 and below VDOM creation component may allow an attacker to access a FortiGate without a password via newly create...

CWE-2862022

CVE-2023-0857

HIGH
CVSS:7.5(High)

Unintentional change of settings during initial registration of system administrators which uses control protocols. The affected Office / Small Office Multifunction Printers and Laser Printers(*) may ...

CWE-2862023

CVE-2024-58105

HIGH
CVSS:7.3(High)

A vulnerability in the Trend Micro Apex One Security Agent Plug-in User Interface Manager could allow a local attacker to bypass existing security and execute arbitrary code on affected installations....

CWE-2862024

CVE-2023-25519

HIGH
CVSS:7.8(High)

NVIDIA ConnectX Host Firmware for the BlueField Data Processing Unit contains a vulnerability where a restricted host may cause an incorrect user management error. A successful exploit of this vulnera...

CWE-2862023

CVE-2024-28020

HIGH
CVSS:8.0(High)

A user/password reuse vulnerability exists in the FOXMAN-UN/UNEM application and server management. If exploited a malicious high-privileged user could use the passwords and login information through ...

CWE-2862024

CVE-2024-27269

MEDIUM
CVSS:6.8(Medium)

IBM QRadar SIEM 7.5 could allow a privileged user to configure user management that would disclose unintended sensitive information across tenants. IBM X-Force ID: 284575.

CWE-2862024