cR0w   🏴‍☠️Jun 16, 2025

https://github.com/ubuntu/authd/security/advisories/GHSA-g8qw-mgjx-rwjr

When a user who hasn't logged in to the system before (i.e. doesn't exist in the authd user database) logs in via SSH, the user is considered a member of the root group in the context of the SSH session. That leads to a local privilege escalation if the user should not have root privileges.

Show threadSapphicSelene 
@cR0w Am I reading this right that any random Joe logging into a computer remotely via the internet would have instant right to do whatever they pleased with said computer, like deleting files willy nilly? If so, then God damn
Jun 16, 2025 at 5:01pmWeb
Show threadjasegJun 16, 2025
@sapphicselene AFAICT you would already need an account on the target system, just not a privileged one.
Show threadjxvvtJun 16, 2025

@sapphicselene @cR0w

No