Insecure Storage of Sensitive Information
CVE-2024-38496
Summary
The vulnerability allows a malicious low-privileged PAM user to access information about other PAM users and their group memberships.
- LOW
- ADJACENT
- NONE
- LOW
CWE-922 - Insecure Storage of Sensitive Information
The software stores sensitive information without properly limiting read or write access by unauthorized actors.
References
Advisory Timeline
- Published
