Lucene search

ROSA LABROSA-SA-2021-1977

HistoryJul 02, 2021 - 6:10 p.m.

Advisory ROSA-SA-2021-1977

2021-07-0218:10:53

ROSA LAB

abf.rosalinux.ru

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

Software: sssd 1.16.5
OS: Cobalt 7.9

CVE-ID: CVE-2018-16883
CVE-Crit: MEDIUM
CVE-DESC: sssd versions 1.13.0 through 2.0.0 incorrectly restricted access to the information channel according to the “allowed_uids” configuration parameter. If sensitive information was stored in a user’s directory, it may have been inadvertently exposed to local attackers.
CVE-STATUS: default
CVE-REV: default

CVE-ID: CVE-2019-3811
CVE-Crit: MEDIUM
CVE-DESC: a vulnerability has been discovered in sssd. If a user was configured without a home directory set, sssd will return ‘/’ (root directory) instead of ‘’ (empty string / no home directory). This can affect services that restrict access to a user’s file system within their home directory via chroot () etc. D. All versions prior to 2.1 are vulnerable.
CVE-STATUS: default
CVE-REV: default

OSVersionArchitecturePackageVersionFilename
Cobaltanynoarchsssd< 1.16.5UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Cobalt	any	noarch	sssd	< 1.16.5	UNKNOWN