hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-24 04:36:35 +01:00
Code Issues Packages Projects Releases Wiki Activity

Python: Add @security-severity to py/pam-auth-bypass

Browse Source 
The value 8.1 was calculated by our internal tool. This corresponds to a
'High' severity, which from my gut feeling seems reasonable for
authorization bypass.
This commit is contained in:
Rasmus Wriedt Larsen
2022-05-11 14:56:21 +02:00
parent 0956d506de
commit 044829c3bb
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
python/ql/src/Security/CWE-285/PamAuthorization.ql
View File

@@ -3,6 +3,7 @@
* @description Not using `pam_acct_mgmt` after `pam_authenticate` to check the validity of a login can lead to authorization bypass. * @description Not using `pam_acct_mgmt` after `pam_authenticate` to check the validity of a login can lead to authorization bypass.
* @kind problem * @kind problem
* @problem.severity warning * @problem.severity warning
* @security-severity 8.1
* @precision high * @precision high
* @id py/pam-auth-bypass * @id py/pam-auth-bypass
* @tags security * @tags security