CVE-2024-47191 | oath-toolkit up to 2.6.11 pam_oath.so liboath/usersfile.c oath_authenticate_usersfile symlink (Nessus ID 208203)

Posted by Angelo Barbosa | Oct 6, 2024 | CVE

A vulnerability was found in oath-toolkit up to 2.6.11 and classified as critical. This issue affects the function oath_authenticate_usersfile of the file liboath/usersfile.c of the component pam_oath.so. The manipulation leads to symlink following.

The identification of this vulnerability is CVE-2024-47191. An attack has to be approached locally. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-47191 | oath-toolkit up to 2.6.11 pam_oath.so liboath/usersfile.c oath_authenticate_usersfile symlink (Nessus ID 208203)

Related Posts

CVE-2024-45303 | discourse-calendar up to 0.4 Content Security Policy cross site scripting (GHSA-rq37-8pf3-4xc8)

CVE-2024-32332 | Totolink N300RT 2.1.8-B20201030.1539 Wireless Page cross site scripting

CVE-2024-39870 | Siemens SINEMA Remote Connect Server up to 3.2 client-side enforcement of server-side security (ssa-381581)

CVE-2024-29777 | WPMU DEV Forminator Plugin up to 1.29.0 on WordPress cross site scripting