Lucene search
MozillaCVELIST:CVE-2023-4104HistorySep 11, 2023 - 8:02 a.m.
CVE-2023-4104
2023-09-1108:02:53
mozilla
www.cve.org
polkit
authentication
mozilla vpn
linux
vulnerability
An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups.
This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected. This vulnerability affects Mozilla VPN client for Linux < v2.16.1.
CNA Affected
[
{
"product": "Mozilla VPN client for Linux",
"vendor": "Mozilla",
"versions": [
{
"lessThan": "v2.16.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
]References
bugzilla.mozilla.org/show_bug.cgi?id=1831318
github.com/mozilla-mobile/mozilla-vpn-client/pull/7055
github.com/mozilla-mobile/mozilla-vpn-client/pull/7110
github.com/mozilla-mobile/mozilla-vpn-client/pull/7151
www.mozilla.org/security/advisories/mfsa2023-39/
www.openwall.com/lists/oss-security/2023/08/03/1
Related
nvd
nvd
CVE-2023-4104
2023-09-11 09:15:08
cve
cve
CVE-2023-4104
2023-09-11 09:15:08
mozilla
mozilla
Security Issues fixed in Mozilla VPN for Linux v2.16.1 — Mozilla
2023-08-30 00:00:00
ubuntucve
ubuntucve
CVE-2023-4104
2023-09-11 00:00:00
osv
osv
CVE-2023-4104
2023-09-11 09:15:08
prion
prion
Authentication flaw
2023-09-11 09:15:00
debiancve
debiancve
CVE-2023-4104
2023-09-11 09:15:08