Known Vulnerabilities
CVE-2024-38496
The vulnerability allows a malicious low-privileged PAM user to access information about other PAM users and their group memberships.
CVE-2024-38495
A specific authentication strategy allows a malicious attacker to learn ids of all PAM users defined in its database.
CVE-2024-38494
This vulnerability allows a high-privileged authenticated PAM user to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request.
CVE-2024-38493
A reflected cross-site scripting (XSS) vulnerability exists in the PAM UI web interface. A remote attacker able to convince a PAM user to click on a specially crafted link to the PAM UI web interface could potentially execute arbitrary client-side code in the context of PAM UI.
CVE-2024-38492
This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file.
CVE-2024-38491
The vulnerability allows an unauthenticated attacker to read arbitrary information from the database.
CVE-2024-36458
The vulnerability allows a malicious low-privileged PAM user to perform server upgrade related actions.
CVE-2024-36457
The vulnerability allows an attacker to bypass the authentication requirements for a specific PAM endpoint.
CVE-2024-36456
This vulnerability allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by uploading a specially crafted PAM upgrade file.
CVE-2024-36455
An improper input validation allows an unauthenticated attacker to achieve remote command execution on the affected PAM system by sending a specially crafted HTTP request.