CVE-2013-0287
published 2013-03-21CVE-2013-0287: The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce…
medium4.9CVSS 3.1
AVNACMAuSCPIPAN
The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | sssd | — | — |
| fedoraproject | sssd | — | — |
| fedoraproject | sssd | — | — |
| fedoraproject | sssd | — | — |
| fedoraproject | sssd | — | — |
| fedoraproject | sssd | — | — |
| fedoraproject | sssd | >= 0 < 1.11.4-1ubuntu2 | 1.11.4-1ubuntu2 |
CVSS provenance
nvd4.9MEDIUMAV:N/AC:M/Au:S/C:P/I:P/A:N
osv4.9MEDIUM