CVE-2023-4104

Summary

An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups. This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected. This vulnerability affects Mozilla VPN 2.16.1 < (Linux).

Affected Software

VendorProductVersion RangeStatus
MozillaMozilla VPN 2.16.1unspecified < (Linux)affected

Weaknesses

  • Local user authentication flaws in Mozilla VPN client for Linux in v2.16.0 and below.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References