In Keepalived up to and including 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
keepalived keepalived |
||
fedoraproject fedora 34 |
||
fedoraproject fedora 35 |