CVE-2021-3560 vulnerability in Polkitproject and Other Products
Published on February 16, 2022
Known Exploited Vulnerability
This Red Hat Polkit Incorrect Authorization Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Red Hat Polkit contains an incorrect authorization vulnerability through the bypassing of credential checks for D-Bus requests, allowing for privilege escalation.
The following remediation steps are recommended / required by June 2, 2023: Apply updates per vendor instructions.
Vulnerability Analysis
CVE-2021-3560 is exploitable with local system access, and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
Improper Check for Unusual or Exceptional Conditions
The software does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day-to-day operation of the software.
Products Associated with CVE-2021-3560
What versions are vulnerable to CVE-2021-3560?
- Polkitproject Polkit Fixed in Version 0.119
- Debian Linux Version 11.0
- Canonical Ubuntu Linux Version 20.04
Each of the following must match for the vulnerability to exist.