CVE-2018-16838

CVSS v2.0

5.5

Medium

Vector

AV:N/AC:L/Au:S/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions sssd (affected versions not specified)

Description A flaw was found in the sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access. The issue is related to insufficient access control in the sssd service, which may allow a remote attacker to disclose protected information and impact its integrity.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Improper Access Control

Improper Privilege Management

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-269

Related Identifiers

ALT-PU-2019-4167

BDU:2020-04879

CESA-2019_2177

CESA-2019_3651

CVE-2018-16838

DLA-3436-1

MGASA-2019-0395

OPENSUSE-SU-2019:1589-1

OPENSUSE-SU-2019_1576-1

OPENSUSE-SU-2019_1589-1

OPENSUSE-SU-2024:13446-1

RHSA-2019:2177

RHSA-2019:2437

RHSA-2019:3651

RHSA-2019_2177

RHSA-2019_3651

SUSE-SU-2019:1476-1

SUSE-SU-2019:1477-1

SUSE-SU-2019:1480-1

SUSE-SU-2019_1476-1

SUSE-SU-2019_1477-1

SUSE-SU-2019_1480-1

USN-5067-1

Affected Products

Alt Linux

Centos

Linuxmint

Red Hat

Suse

Ubuntu

Sssd

CVE-2018-16838

Weakness Enumeration

Related Identifiers

Affected Products

References · 47