CVE-2018-16883
published 2018-12-19
medium 5.5 (CVSS 3.0)
AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | sssd | < sssd 2.2.0-1 (bookworm) | sssd 2.2.0-1 (bookworm) |
| fedoraproject | sssd | >= 0 < 2.2.0-1 | 2.2.0-1 |
| fedoraproject | sssd | >= 0 < 2.2.0-1 | 2.2.0-1 |
| fedoraproject | sssd | >= 0 < 2.2.0-1 | 2.2.0-1 |
| fedoraproject | sssd | >= 0 < 2.2.0-1 | 2.2.0-1 |
| fedoraproject | sssd | >= 1.13.0 < 2.0.0 | 2.0.0 |
CVSS provenance
nvd v3.0 5.5 MEDIUM CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
osv 5.5 MEDIUM