Untriaged
Permalink
CVE-2022-1804
5.5 MEDIUM
- CVSS version: 3.1
- Attack vector (AV): LOCAL
- Attack complexity (AC): LOW
- Privileges required (PR): LOW
- User interaction (UI): NONE
- Scope (S): UNCHANGED
- Confidentiality impact (C): NONE
- Integrity impact (I): NONE
- Availability impact (A): HIGH
Accountsservice incorrectly drops privileges
accountsservice no longer drops permissions when writting .pam_environment
References
- https://bugs.launchpad.net/ubuntu/+source/accountsservice/+bug/1974250 issue-tracking
- https://ubuntu.com/security/notices/USN-5439-1 release-notes
Affected products
accountsservice
- <22.07.5-2ubuntu1.3
Matching in nixpkgs
pkgs.accountsservice
D-Bus interface for user account query and manipulation
-
nixos-unstable -
- nixpkgs-unstable 23.13.9
Package maintainers
-
@pSub Pascal Wittmann <mail@pascal-wittmann.de>
-
@jtojnar Jan Tojnar <jtojnar@gmail.com>