Title: ROS2 Humble Hawksbill
Description: Se ha descubierto un problema en los componentes de permiso y control de acceso dentro de ROS2 Humble Hawksbill, en ROS_VERSION 2 y ROS_PYTHON_VERSION 3, que permite a los atacantes ejecutar código arbitrario, provocar una denegación de servicio (DoS), escalar privilegios y obtener información confidencial a través de la autenticación. sistema, incluidos protocolos, procesos y controles manipulados para verificar las identidades de los usuarios o dispositivos que intentan acceder al sistema ROS2.

MITRE disputed

An issue has been discovered in the permission and access control components within ROS2 Humble Hawksbill, in ROS_VERSION 2 and ROS_PYTHON_VERSION 3, allows attackers to execute arbitrary code, cause a denial of service (DoS), escalate privileges, and obtain sensitive information via the authentication system, including protocols, processes, and checks designed to verify the identities of users or devices attempting to access the ROS2 system. NOTE: this is disputed by multiple third parties who believe there was not reasonable evidence to determine the existence of a vulnerability.

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that there was not reasonable evidence to determine the existence of a vulnerability.

MITRE http://www.openwall.com/lists/oss-security/2024/04/23/2

MITRE http://www.openwall.com/lists/oss-security/2024/04/23/3

MITRE http://www.openwall.com/lists/oss-security/2024/04/23/4

MITRE http://www.openwall.com/lists/oss-security/2024/04/23/5

MITRE https://github.com/yashpatelphd/CVE-2024-29450