{ "affected": [ { "database_specific": { "unresolved_ranges": [ { "events": [ { "introduced": "0" }, { "last_affected": "34" } ] }, { "events": [ { "introduced": "0" }, { "last_affected": "35" } ] } ] }, "ranges": [ { "database_specific": { "versions": [ { "introduced": "0" }, { "last_affected": "2.2.4" } ] }, "events": [ { "introduced": "0" }, { "last_affected": "ab4d7cdf8c96fbe679b82a51289234ed8a68d486" }, { "fixed": "7977fec0be89ae6fe87405b3f8da2f0b5e415e3d" } ], "repo": "https://github.com/acassen/keepalived", "type": "GIT" } ] } ], "details": "In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property", "id": "CVE-2021-44225", "modified": "2026-04-01T23:10:21.358837202Z", "published": "2021-11-26T00:15:10.017Z", "references": [ { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5226RYNMNB7FL4MSJDIBBGPUWH6LMRYV/" }, { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6O2R6EXURJQFPFPYFWRCZLUYVWQCLSZM/" }, { "type": "WEB", "url": "https://lists.debian.org/debian-lts-announce/2023/04/msg00012.html" }, { "type": "ADVISORY", "url": "https://github.com/acassen/keepalived/pull/2063" }, { "type": "FIX", "url": "https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3d" } ], "severity": [ { "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "type": "CVSS_V3" } ] }