CVE-2019-3811
published 2019-01-15CVE-2019-3811: A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty…
medium5.2CVSS 3.1
AVAACLPRLUIRSUCNINAH
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.
Affected
13 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | sssd | < sssd 2.2.0-1 (bookworm) | sssd 2.2.0-1 (bookworm) |
| fedoraproject | sssd | < 2.1 | 2.1 |
| fedoraproject | sssd | >= 0 < 2.2.0-1 | 2.2.0-1 |
| fedoraproject | sssd | >= 0 < 2.2.0-1 | 2.2.0-1 |
| fedoraproject | sssd | >= 0 < 2.2.0-1 | 2.2.0-1 |
| fedoraproject | sssd | >= 0 < 2.2.0-1 | 2.2.0-1 |
| fedoraproject | sssd | >= 0 < 1.16.1-1ubuntu1.8 | 1.16.1-1ubuntu1.8 |
| fedoraproject | sssd | >= 0 < 2.2.3-3ubuntu0.7 | 2.2.3-3ubuntu0.7 |
| opensuse | leap | — | — |
| opensuse | leap | — | — |
| redhat | enterprise_linux | — | — |
| the_sssd_project | sssd | — | — |
CVSS provenance
nvdv3.15.2MEDIUMCVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
osv7.5HIGH