本ページは canonical authd に影響する公開済み CVE(NVD の CPE 経由で関連付け)を列挙します。各行に深刻度指標・概要・公開日が含まれます。
| CVE | 概要 | ソース | CVSS 最大値 | EPSS(%) | 公開 | 更新 |
|---|---|---|---|---|---|---|
| CVE-2025-5689 | A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session. | [email protected] | 8.5 | 0.25% | 2025-06-16 | 2026-06-17 |
| CVE-2024-9312 | Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges. | [email protected] | 7.5 | 0.28% | 2024-10-10 | 2026-06-17 |
| CVE-2024-9313 | Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them. | [email protected] | 8.8 | 0.58% | 2024-10-03 | 2026-06-17 |