Lucene search

K
redhatcveRedhat.comRH:CVE-2018-16883
HistoryDec 19, 2018 - 1:49 a.m.

CVE-2018-16883

2018-12-1901:49:19
redhat.com
access.redhat.com
9

0.0004 Low

EPSS

Percentile

5.1%

sssd, versions 1.13.0 to before 2.0.0, did not properly restrict access to the infopipe according to the “allowed_uids” configuration parameter. Sensitive information could be inadvertently disclosed to local attackers if it was stored in the user directory.

Mitigation

This vulnerability is only exposed if the infopipe service is enabled (enabled by default in Red Hat Enterprise Linux 7, disabled by default in Red Hat Enterprise Linux 6), and [ifp].allowed_uids is relied upon to protect sensitive information in the user directory.

0.0004 Low

EPSS

Percentile

5.1%