
CVE-2018-16883

Published: 19/12/2018 | Updated: 09/10/2019
CVSS v2 Base Score: 2.1 | Impact Score: 2.9 | Exploitability Score: 3.9
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 187
Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

sssd versions 1.13.0 up to, but not including, 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information was stored in the user directory, it could be inadvertently disclosed to local attackers.

Vulnerable Product

fedoraproject sssd

Vendor Advisories

Debian Bug report logs - #916824 sssd: CVE-2018-16883: Information leak in infopipe due to an improper uid restriction. Package: src:sssd; Maintainer for src:sssd is Debian SSSD Team <pkg-sssd-devel@alioth-lists.debian.net>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Wed, 19 Dec 2018 05:09:02 UTC Seve ...
Debian Bug report logs - #902860 sssd: CVE-2018-10852: information leak from the sssd-sudo responder. Package: src:sssd; Maintainer for src:sssd is Debian SSSD Team <pkg-sssd-devel@alioth-lists.debian.net>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 2 Jul 2018 12:39:01 UTC; Severity: important Ta ...
sssd, versions 1.13.0 to before 2.0.0, did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. Sensitive information could be inadvertently disclosed to local attackers if it was stored in the user directory ...