Executive Summary

Informations
Name CVE-2024-45044 First vendor Publication 2024-09-10
Vendor Cve Last vendor Modification 2024-09-10

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
 
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector :
Cvss Base Score N/A Attack Range N/A
Cvss Impact Score N/A Attack Complexity N/A
Cvss Expoit Score N/A Authentication N/A
Calculate full CVSS 2.0 Vectors scores

Detail

Bareos is open source software for backup, archiving, and recovery of data for operating systems. When a command ACL is in place and a user executes a command in bconsole using an abbreviation (i.e. "w" for "whoami") the ACL check did not apply to the full form (i.e. "whoami") but to the abbreviated form (i.e. "w"). If the command ACL is configured with negative ACL that should forbid using the "whoami" command, you could still use "w" or "who" as a command successfully. Fixes for the problem are shipped in Bareos versions 23.0.4, 22.1.6 and 21.1.11. If only positive command ACLs are used without any negation, the problem does not occur.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-45044

CWE : Common Weakness Enumeration

% Id Name
100 % CWE-285 Improper Access Control (Authorization)

Sources (Detail)

https://github.com/bareos/bareos/commit/2a026698b87d13bd1c6275726b5e826702f81dd5
https://github.com/bareos/bareos/pull/1875
https://github.com/bareos/bareos/security/advisories/GHSA-jfww-q346-r2r8
Source Url

Alert History

If you want to see full details history, please login or register.
0
Date Informations
2024-09-10 21:27:29
  • First insertion