CVE-2021-44225

Medium CVSS 5.4

Overview

In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property

CWE: N/A Published: 2021-11-26T00:15:10.017

Risk analysis

This vulnerability is rated 🟡 MEDIUM.

CVSS: 5.4 (MEDIUM)
Detected tags: none (tag impact: LOW)

Recommended actions:

Prioritize remediation based on business criticality and exposure.
Limit exposure and increase monitoring until fixed.

Overview

Recommended tools

Tags