CVE-2023-4104

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
11/09/2023
Last modified:
03/07/2025

Description

An invalid Polkit Authentication check and missing authentication requirements for D-Bus methods allowed any local user to configure arbitrary VPN setups.<br /> *This bug only affects Mozilla VPN on Linux. Other operating systems are unaffected.* This vulnerability affects Mozilla VPN 2.16.1

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:mozilla:vpn:*:*:*:*:*:linux:*:* 2.16.1 (excluding)