Vulnerability Details CVE-2017-7488
Authconfig version 6.2.8 is vulnerable to an Information exposure while using SSSD to authenticate against remote server resulting in the leak of information about existing usernames.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 55.8%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
References
- http://www.securityfocus.com/bid/101784
- https://access.redhat.com/errata/RHSA-2017:2285
- https://bugzilla.redhat.com/show_bug.cgi?id=1441604
- https://pagure.io/authconfig/c/0972f61ad4b5657ed89cf953e8f58f6513096224?branch=master
- http://www.securityfocus.com/bid/101784
- https://access.redhat.com/errata/RHSA-2017:2285
- https://bugzilla.redhat.com/show_bug.cgi?id=1441604
- https://pagure.io/authconfig/c/0972f61ad4b5657ed89cf953e8f58f6513096224?branch=master
Products affected by CVE-2017-7488
-
cpe:2.3:a:authconfig_project:authconfig:6.2.8