CVE-2024-47191

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-47191
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47191.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-47191
Downstream
Related
Published
2024-10-09T00:00:00Z
Modified
2026-05-18T05:58:59.842496529Z
Severity
  • 7.1 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N CVSS Calculator
Summary
[none]
Details

pam_oath.so in oath-toolkit 2.6.7 through 2.6.11 before 2.6.12 allows root privilege escalation because, in the context of PAM code running as root, it mishandles usersfile access, such as by calling fchown in the presence of a symlink.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47191.json",
    "cna_assigner": "mitre"
}
References

Affected packages

Git / gitlab.com/oath-toolkit/oath-toolkit

Affected ranges

Type
GIT
Repo
https://gitlab.com/oath-toolkit/oath-toolkit
Events
Introduced
3cb25fc9ff468d32b59eceb476c5f48cc870a837
Fixed
c872088aca029b4290b480002945c6a013d89086

Affected versions

Other
oath-toolkit-2-6-7
oath-toolkit-2.*
oath-toolkit-2.6.10
oath-toolkit-2.6.11
oath-toolkit-2.6.7
oath-toolkit-2.6.8
oath-toolkit-2.6.9

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-47191.json"