CVE-2021-44225 | Vulnerability Database | Aqua Security

In Keepalived through 2.2.4, the D-Bus policy does not sufficiently restrict the message destination, allowing any user to inspect and manipulate any property. This leads to access-control bypass in some situations in which an unrelated D-Bus system service has a settable (writable) property

Affected Software

Name	Vendor	Start Version	End Version
Keepalived	Keepalived	*	2.2.4 (including)
Keepalived	Ubuntu	bionic	*
Keepalived	Ubuntu	devel	*
Keepalived	Ubuntu	focal	*
Keepalived	Ubuntu	hirsute	*
Keepalived	Ubuntu	impish	*
Keepalived	Ubuntu	jammy	*
Keepalived	Ubuntu	trusty	*
Keepalived	Ubuntu	xenial	*
Red Hat Enterprise Linux 8	RedHat	keepalived-0:2.1.5-8.el8	*

References

https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3d
https://github.com/acassen/keepalived/pull/2063
https://lists.debian.org/debian-lts-announce/2023/04/msg00012.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5226RYNMNB7FL4MSJDIBBGPUWH6LMRYV/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6O2R6EXURJQFPFPYFWRCZLUYVWQCLSZM/
https://github.com/acassen/keepalived/commit/7977fec0be89ae6fe87405b3f8da2f0b5e415e3d
https://github.com/acassen/keepalived/pull/2063
https://lists.debian.org/debian-lts-announce/2023/04/msg00012.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5226RYNMNB7FL4MSJDIBBGPUWH6LMRYV/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6O2R6EXURJQFPFPYFWRCZLUYVWQCLSZM/

NVD	https://nvd.nist.gov/vuln/detail/CVE-2021-44225
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html