A vulnerability was found in oath-toolkit up to 2.6.11 and classified as critical. This issue affects the function
oath_authenticate_usersfile
of the file liboath/usersfile.c of the component pam_oath.so. The manipulation leads to symlink following.
The identification of this vulnerability is CVE-2024-47191. An attack has to be approached locally. There is no exploit available.
It is recommended to upgrade the affected component.