Polkit security update - CVE-2021-4034
NAME
Polkit Project – Polkit
- Platforms Affected: Polkit
- Risk Level: high
- CVE Type: Privilege escalation
DESCRIPTION
CVE-2021-4034 is a privilege escalation vulnerability impacting Polkit versions 0.120 and earlier. A Metasploit module was observed in open source and subsequently shared in the underground. Additionally, a walk-through demo of an exploit was shared via Vimeo. Local access to the system is a prerequisite for exploiting this issue. Successful exploitation of this vulnerability would allow an attacker to gain root access on the vulnerable host.
CVSS Information:
- CVSS 2.0 SCORE:
- CVSS 3.0 SCORE: 7.8
- Exploit Disclosed in the Public: true
- Exploit Weaponised: true
- PoC Link: hXXps://github[.]com/arthepsy/CVE-2021-4034
MITIGATION
The Polkit Project addressed the vulnerability with a patch published on its GitLab software development platform.
- Reference Link: https://gitlab.freedesktop.org/polkit/polkit/-/commit/a2bf5c9c83b6ae46cbd5c779d3055bff81ded683
- Patch Available: available