Lucene search

K

Veracode Vulnerability DatabaseVERACODE:13165

HistoryJan 15, 2019 - 9:26 a.m.

Information Disclosure

2019-01-1509:26:43

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

6

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

sssd is vulnerable to information disclosure. The set of sudo rules in SSSD-sudo responder is configured with insecure permissions which would allow any user using the same raw protocol to read sudo rules for any user.

CPENameOperatorVersion
sssdeq1.16.0__19.el7_5.5
sssdeq1.16.0__19.el7_5.8
sssdeq1.12.0__2.el7
sssd:bioniceq1.16.1-1ubuntu1
sssd:bioniceq1.16.1-1ubuntu1.7
sssd:bioniceq1.16.1-1ubuntu1.6

References

www.securityfocus.com/bid/104547

access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index

access.redhat.com/errata/RHSA-2018:3158

access.redhat.com/security/updates/classification/#low

bugzilla.redhat.com/show_bug.cgi?id=1385665

bugzilla.redhat.com/show_bug.cgi?id=1416528

bugzilla.redhat.com/show_bug.cgi?id=1459348

bugzilla.redhat.com/show_bug.cgi?id=1509691

bugzilla.redhat.com/show_bug.cgi?id=1514061

bugzilla.redhat.com/show_bug.cgi?id=1516266

bugzilla.redhat.com/show_bug.cgi?id=1522928

bugzilla.redhat.com/show_bug.cgi?id=1534749

bugzilla.redhat.com/show_bug.cgi?id=1537272

bugzilla.redhat.com/show_bug.cgi?id=1537279

bugzilla.redhat.com/show_bug.cgi?id=1538555

bugzilla.redhat.com/show_bug.cgi?id=1546754

bugzilla.redhat.com/show_bug.cgi?id=1558498

bugzilla.redhat.com/show_bug.cgi?id=1562025

bugzilla.redhat.com/show_bug.cgi?id=1565774

bugzilla.redhat.com/show_bug.cgi?id=1566782

bugzilla.redhat.com/show_bug.cgi?id=1571526

bugzilla.redhat.com/show_bug.cgi?id=1577335

bugzilla.redhat.com/show_bug.cgi?id=1578291

bugzilla.redhat.com/show_bug.cgi?id=1583251

bugzilla.redhat.com/show_bug.cgi?id=1583725

bugzilla.redhat.com/show_bug.cgi?id=1600822

bugzilla.redhat.com/show_bug.cgi?id=1602781

bugzilla.redhat.com/show_bug.cgi?id=1607313

bugzilla.redhat.com/show_bug.cgi?id=1610667

bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852

lists.debian.org/debian-lts-announce/2018/07/msg00019.html

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

Related for VERACODE:13165

redhatcve1 ubuntucve1 nessus20 openvas12 debiancve1 suse2 redhat1 oraclelinux1 osv2 prion1 centos1 amazon2 debian1 cve1 mageia1 ubuntu1