Lucene search
Redhat.comRH:CVE-2018-16883HistoryDec 19, 2018 - 1:49 a.m.
CVE-2018-16883
2018-12-1901:49:19
redhat.com
access.redhat.com
9
0.0004 Low
EPSS
Percentile
5.1%
sssd, versions 1.13.0 to before 2.0.0, did not properly restrict access to the infopipe according to the “allowed_uids” configuration parameter. Sensitive information could be inadvertently disclosed to local attackers if it was stored in the user directory.
Mitigation
This vulnerability is only exposed if the infopipe service is enabled (enabled by default in Red Hat Enterprise Linux 7, disabled by default in Red Hat Enterprise Linux 6), and [ifp].allowed_uids is relied upon to protect sensitive information in the user directory.
Related
ubuntucve
ubuntucve
CVE-2018-16883
2018-12-19 00:00:00
nvd
nvd
CVE-2018-16883
2018-12-19 14:29:00
nessus
nessus
RHEL 7 : sssd (Unpatched Vulnerability)
2024-06-03 00:00:00
RHEL 7 : sssd (Unpatched Vulnerability)
2024-05-11 00:00:00
RHEL 6 : sssd (Unpatched Vulnerability)
2024-06-03 00:00:00
debiancve
debiancve
CVE-2018-16883
2018-12-19 14:29:00
cve
cve
CVE-2018-16883
2018-12-19 14:29:00
cvelist
cvelist
CVE-2018-16883
2018-12-19 14:00:00
prion
prion
Design/Logic Flaw
2018-12-19 14:29:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1977
2021-07-02 18:10:53