CVE-2013-0287

CWE-264 | 8 documents | 7 sources
Severity
4.9 MEDIUM
EPSS
0.5%
top 35.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Mar 21
Latest update: May 5

Description

The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypass intended access restrictions.

CVSS vector

AV:N/AC:M/C:P/I:P/A:N | Exploitability: 6.8 | Impact: 4.9

Affected Packages: 2 packages

Ubuntu: sssd < 1.11.4-1ubuntu2
NVD: fedoraproject/sssd, 5 versions +4

Patches

🔴Vulnerability Details

3
GHSA
GHSA-h53f-x74p-cc2v: The Simple Access Provider in System Security Services Daemon (SSSD) 1 | 2022-05-05
OSV
CVE-2013-0287: The Simple Access Provider in System Security Services Daemon (SSSD) 1 | 2013-03-21
CVEList
CVE-2013-0287: The Simple Access Provider in System Security Services Daemon (SSSD) 1 | 2013-03-21

📋Vendor Advisories

2
Red Hat
sssd: simple access provider flaw prevents intended ACL use when client to an AD provider | 2013-03-19
Debian
CVE-2013-0287: sssd - The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 throu... | 2013

💬Community

2
Bugzilla
CVE-2013-0287 sssd: simple access provider flaw prevents intended ACL use when client to an AD provider [fedora-18] | 2013-03-20
Bugzilla
CVE-2013-0287 sssd: simple access provider flaw prevents intended ACL use when client to an AD provider | 2013-02-13