CVE-2021-3560 — Red Hat Polkit Incorrect Authorization Vulnerability

2023-05-12 • CISA Known Exploited Vulnerability

[event] Red Hat Polkit contains an incorrect authorization vulnerability through the bypassing of credential checks for D-Bus requests, allowing for privilege escalation.

> AFFECTED SOFTWARE

Field	Value
Vendor	Red Hat
Product	Polkit
CWE	CWE-863
CVE ID	CVE-2021-3560
Date Added	2023-05-12
Due Date	2023-06-02
Ransomware Campaign	Unknown

> MITIGATION

Apply updates per vendor instructions.

Due Date: 2023-06-02

> REFERENCES

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1961710
[2] https://nvd.nist.gov/vuln/detail/CVE-2021-3560