Описание
sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was deferred |
| cosmic | ignored | end of life |
| devel | not-affected | 2.8.1-1ubuntu1 |
| disco | ignored | end of life |
| eoan | ignored | end of life |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [1.11.8-0ubuntu0.7]] |
| esm-infra/bionic | deferred | |
| esm-infra/focal | not-affected | 2.2.3-3ubuntu0.9 |
| esm-infra/xenial | deferred | |
| focal | not-affected | 2.2.3-3ubuntu0.9 |
Показывать по
Ссылки на источники
EPSS
2.1 Low
CVSS2
2.5 Low
CVSS3
Связанные уязвимости
sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers.
sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers.
sssd versions from 1.13.0 to before 2.0.0 did not properly restrict ac ...
sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers.
EPSS
2.1 Low
CVSS2
2.5 Low
CVSS3