github.com/ubuntu/authd

Go3 known CVEs affecting this package

Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.

CVEs affecting github.com/ubuntu/authdpage 1 of 1

CVE-2024-9312HIGHCVSS 7.5EG 7.5✓ Fixed in 0.3.6
2024-10-10
Authd, through version 0.3.6, did not sufficiently randomize user IDs to prevent collisions. A local attacker who can register user names could spoof another user's ID and gain their privileges.
CVE-2024-9313HIGHCVSS 8.8EG 8.8✓ Fixed in 0.3.5
2024-10-03
Authd PAM module before version 0.3.5 can allow broker-managed users to impersonate any other user managed by the same broker and perform any PAM operation with it, including authenticating as them.
CVE-2025-5689HIGHCVSS 8.5EG 8.5✓ Fixed in 0.5.4
2025-06-16
A flaw was found in the temporary user record that authd uses in the pre-auth NSS. As a result, a user login for the first time will be considered to be part of the root group in the context of that SSH session.

Check whether github.com/ubuntu/authd is used in your infrastructure

EchelonGraph scans your cloud and SBOMs to map every package to your actual deployments. See blast radius for github.com/ubuntu/authd CVEs against the assets you own.

Start Free Scan →