This page lists publicly disclosed CVE vulnerabilities affecting Canonical authd (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.

| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-5689 | A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user logging in for the first time will be considered to be part of the root group in the context of that SSH session. | [email protected] | 8.5 | 0.07% | 2025-06-16 | 2025-08-26 |
| CVE-2024-9312 | Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges. | [email protected] | 7.5 | 0.05% | 2024-10-10 | 2025-08-26 |
| CVE-2024-9313 | Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them. | [email protected] | 8.8 | 0.48% | 2024-10-03 | 2025-08-26 |