Page MenuHomeVyOS Platform

CVE-2021-4034: local privilege escalation in PolKit
Closed, ResolvedPublicBUG

Description

PolKit vulnerability allows any logged-in user to execute arbitrary code with root privileges. See https://access.redhat.com/security/vulnerabilities/RHSB-2022-001

Since VyOS allows all logged-in users do anything at this moment, this is not a concern. Nonetheless, it's fixed by Debian's updates.

Details

Difficulty level
Unknown (require assessment)
Version
1.3.0
Why the issue appeared?
Will be filled on close
Is it a breaking change?
Perfectly compatible
Issue type
Security vulnerability

Related Objects

Mentioned In
1.3.3
1.3.1