5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N
sssd is vulnerable to improper access restriction. The vulnerability exists because it does not implement Group Policy Objects, resulting in too restrictive permissions.Therefore sssd allows authenticated users to login instead of denying access.
lists.opensuse.org/opensuse-security-announce/2019-06/msg00042.html
lists.opensuse.org/opensuse-security-announce/2019-06/msg00051.html
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.7_release_notes/index
access.redhat.com/errata/RHSA-2019:2177
access.redhat.com/errata/RHSA-2019:2437
access.redhat.com/errata/RHSA-2019:3651
access.redhat.com/security/cve/CVE-2018-16838
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1350012
bugzilla.redhat.com/show_bug.cgi?id=1402056
bugzilla.redhat.com/show_bug.cgi?id=1406678
bugzilla.redhat.com/show_bug.cgi?id=1614296
bugzilla.redhat.com/show_bug.cgi?id=1619706
bugzilla.redhat.com/show_bug.cgi?id=1631656
bugzilla.redhat.com/show_bug.cgi?id=1640820
bugzilla.redhat.com/show_bug.cgi?id=1645461
bugzilla.redhat.com/show_bug.cgi?id=1653759
bugzilla.redhat.com/show_bug.cgi?id=1658994
bugzilla.redhat.com/show_bug.cgi?id=1671138
bugzilla.redhat.com/show_bug.cgi?id=1672527
bugzilla.redhat.com/show_bug.cgi?id=1677355
bugzilla.redhat.com/show_bug.cgi?id=1677665
bugzilla.redhat.com/show_bug.cgi?id=1679173
bugzilla.redhat.com/show_bug.cgi?id=1684979
bugzilla.redhat.com/show_bug.cgi?id=1685472
bugzilla.redhat.com/show_bug.cgi?id=1685581
bugzilla.redhat.com/show_bug.cgi?id=1707759
bugzilla.redhat.com/show_bug.cgi?id=1710286
bugzilla.redhat.com/show_bug.cgi?id=1711832
bugzilla.redhat.com/show_bug.cgi?id=720688
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16838
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
5.5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:P/A:N