Vulnerability Details CVE-2018-16838
A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.01
EPSS Ranking 76.6%
CVSS Severity
CVSS v3 Score 5.4
CVSS v2 Score 5.5
References
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00051.html
- https://access.redhat.com/errata/RHSA-2019:2177
- https://access.redhat.com/errata/RHSA-2019:2437
- https://access.redhat.com/errata/RHSA-2019:3651
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16838
- https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00042.html
- http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00051.html
- https://access.redhat.com/errata/RHSA-2019:2177
- https://access.redhat.com/errata/RHSA-2019:2437
- https://access.redhat.com/errata/RHSA-2019:3651
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16838
- https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html
Products affected by CVE-2018-16838
-
cpe:2.3:a:fedoraproject:sssd:-
-
cpe:2.3:o:redhat:enterprise_linux:7.0