Security Flaw in sssd Group Policy Objects in Red Hat Products
CVE-2018-16838

5.4MEDIUM

Key Information:

Vendor

[unknown]

Status
Sssd
Vendor
CVE Published:
25 March 2019

What is CVE-2018-16838?

A vulnerability exists in the sssd implementation of Group Policy Objects, which can lead to unauthorized access. If the necessary permissions for GPO are not appropriately set on the server, sssd mistakenly permits all authenticated users to log in, ignoring the defined access restrictions. This could expose sensitive systems to potential unauthorized user access, thereby undermining the integrity and security of the environment.

Affected Version(s)

sssd

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16838
x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2019...
vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2019...
vendor-advisoryx_refsource_SUSE

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.