CVE-2020-24612

{"id": "CVE-2020-24612", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.0}, {"type": "Secondary", "source": "cve@mitre.org", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 1.4}]}, "published": "2020-08-24T21:15:15.877", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1860888", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "cve@mitre.org"}, {"url": "https://github.com/fedora-selinux/selinux-policy/commit/71e1989028802c7875d3436fd3966c587fa383fb", "tags": ["Patch", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-287"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in the selinux-policy (aka Reference Policy) package 3.14 through 2020-08-24 because the .config/Yubico directory is mishandled. Consequently, when SELinux is in enforced mode, pam-u2f is not allowed to read the user's U2F configuration file. If configured with the nouserok option (the default when configured by the authselect tool), and that file cannot be read, the second factor is disabled. An attacker with only the knowledge of the password can then log in, bypassing 2FA."}, {"lang": "es", "value": "Se detect\u00f3 un problema en el paquete selinux-policy (tambi\u00e9n se conoce como Reference Policy) versiones 3.14 hasta el 24-08-2020, porque el directorio .config/Yubico es manejado inapropiadamente. Por consiguiente, cuando SELinux est\u00e1 en modo forzado, pam-u2f no permite leer el archivo de configuraci\u00f3n U2F del usuario. Si se configura con la opci\u00f3n nouserok (el valor predeterminado cuando se configuraba por la herramienta authselect), y ese archivo no se puede leer, el segundo factor est\u00e1 deshabilitado. Un atacante que solo conozca la contrase\u00f1a puede iniciar sesi\u00f3n, omitiendo el 2FA."}], "lastModified": "2020-09-01T19:02:04.493", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fedoraproject:selinux-policy:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "54DAD7B2-0120-49B5-BC25-D6A8BDCC8C3A", "versionEndIncluding": "2020-08-24", "versionStartIncluding": "3.14"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}