ROSA LABROSA-SA-2021-1977Advisory ROSA-SA-2021-1977
2.7 Low
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:A/AC:L/Au:S/C:N/I:N/A:P
5.2 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
5.6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
23.5%
Software: sssd 1.16.5
OS: Cobalt 7.9
CVE-ID: CVE-2018-16883
CVE-Crit: MEDIUM
CVE-DESC: sssd versions 1.13.0 through 2.0.0 incorrectly restricted access to the information channel according to the “allowed_uids” configuration parameter. If sensitive information was stored in a user’s directory, it may have been inadvertently exposed to local attackers.
CVE-STATUS: default
CVE-REV: default
CVE-ID: CVE-2019-3811
CVE-Crit: MEDIUM
CVE-DESC: a vulnerability has been discovered in sssd. If a user was configured without a home directory set, sssd will return ‘/’ (root directory) instead of ‘’ (empty string / no home directory). This can affect services that restrict access to a user’s file system within their home directory via chroot () etc. D. All versions prior to 2.1 are vulnerable.
CVE-STATUS: default
CVE-REV: default
Related
2.7 Low
CVSS2
Attack Vector
ADJACENT_NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:A/AC:L/Au:S/C:N/I:N/A:P
5.2 Medium
CVSS3
Attack Vector
ADJACENT
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
5.6 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
23.5%