Comment 2 for bug 1812316

Riccardo Schirone (rschiron) wrote:

CVE-2019-3842 has been assigned by Red Hat to this issue.

"systemd has a vulnerability in the PAM module, pam_systemd, that allows for spoofing of the XDG_SEAT environment variable which allows for commands to be checked against polkit policies using the "allow_active" element rather than "allow_any". Users with local access to machines with active tty sessions can exploit this to elevate their privileges."