CVE-2012-3462

CWE-287Improper Authentication5 documents5 sources
Severity
8.8HIGH
EPSS
0.3%
top 45.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Sssd SssdFedoraproject Sssd
Timeline
PublishedDec 26
Latest updateApr 23

Description

A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the access-provider is also handling the setup of the user's SELinux user context.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages3 packages

Debiansssd< 1.10.0-1+3
CVEListV5sssd/sssd1.9.0

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-h73j-5p58-29r6: A flaw was found in SSSD version 12022-04-23
OSV
CVE-2012-3462: A flaw was found in SSSD version 12019-12-26
CVEList
CVE-2012-3462: A flaw was found in SSSD version 12019-12-26

📋Vendor Advisories

1
Debian
CVE-2012-3462: sssd - A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes ...2012
CVE-2012-3462 (HIGH CVSS 8.8) | A flaw was found in SSSD version 1. | cvebase.io