Severity by source
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Local D-Bus service requires an existing low-privileged local account (AV:L, PR:L); no user interaction or special conditions beyond a prior admin auth; yields high confidentiality and integrity over snapshots, no availability impact.
Primary rating from Vendor (suse).
CVSS VectorVendor: suse
CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged users has authenticated for them.
AnalysisAI
Local privilege escalation in qSnapper D-Bus service before version 1.3.3 allows any unprivileged local user to invoke privileged D-Bus methods after an administrator has previously authenticated for an unrelated Polkit action. The flaw stems from authentication state being implicitly carried over across different Polkit actions and users rather than being scoped per-action-per-caller, enabling unauthorized snapshot management on systems where the service is installed. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a local unprivileged session on a host running the qSnapper D-Bus system service at a version before 1.3.3, and crucially requires that a privileged (admin) user has previously completed a Polkit authentication for a qSnapper action on the same running service instance - the bug is that this prior authentication is implicitly carried over to other Polkit actions and other D-Bus callers. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 vector (AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N) and base score of 8.4 accurately reflect a high-impact local privilege escalation: an authenticated low-privileged local user can reach high confidentiality and integrity impact with no user interaction and no exotic attack requirements, but only after some privileged user on the same system has previously authenticated. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | On a shared Linux workstation with qSnapper < 1.3.3 installed, an administrator authenticates once via Polkit to perform a routine snapshot operation. A logged-in unprivileged local user then invokes other qSnapper D-Bus methods from their own session and finds them accepted without re-authentication because the service treats the prior admin authentication as still valid, allowing them to read or manipulate snapshot data outside their privilege level. |
| Remediation | Vendor-released patch: qSnapper 1.3.3 - upgrade to this version, which removes the m_authenticated cache and the explicit Authenticate() D-Bus method and relies on Polkit's native per-action auth_admin_keep semantics, per the release notes at https://github.com/presire/qSnapper/releases/tag/v1.3.3 and the SUSE advisory at https://security.opensuse.org/2026/05/26/qsnapper-dbus-issues.html#issue-auth-caching. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: inventory all systems running qSnapper D-Bus and document current versions. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Authentication bypass in qSnapper's privileged D-Bus service (versions before 1.3.3) allows any local unprivileged user
Local privilege escalation and denial of service in qSnapper before 1.3.3 stems from path traversal via the configName D
Local privilege escalation in presire qSnapper before 1.3.3 lets a low-privileged user bypass Polkit authentication in t
Unauthenticated local access to qSnapper's D-Bus snapshot diff interface before version 1.3.3 exposes read-protected fil
Same technique Information Disclosure
View allVendor StatusVendor
SUSE
Severity: ImportantShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-38275
GHSA-cf66-c678-24r2