CVE-2018-16883

CWE-200 — Information Exposure9 documents7 sources

Severity

5.5MEDIUM

EPSS

0.1%

top 68.20%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fedoraproject Sssd [unknown] Sssd

Timeline

PublishedDec 19

Latest updateMay 13

Description

sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers.

CVSS vector

CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.0 | Impact: 1.4

Affected Packages3 packages

▶NVDfedoraproject/sssd1.13.0 — 2.0.0

▶Debiansssd< 2.2.0-1+3

▶CVEListV5[unknown]/sssd2.0.0

🔴Vulnerability Details

GHSA

GHSA-4qf7-r2vx-jf49: sssd versions from 1↗2022-05-13

▶

CVEList

CVE-2018-16883: sssd versions from 1↗2018-12-19

▶

OSV

CVE-2018-16883: sssd versions from 1↗2018-12-19

▶

📋Vendor Advisories

Red Hat

sssd: Information leak in infopipe due to an improper uid restriction↗2018-12-19

▶

Debian

CVE-2018-16883: sssd - sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to th...↗2018

▶

💬Community

Bugzilla

CVE-2018-16883 sssd: Information leak in infopipe due to an improper uid restriction [fedora-all]↗2018-12-19

▶

Bugzilla

CVE-2018-16883 sssd: Information leak in infopipe due to an improper uid restriction↗2018-12-17

▶