CVE-2018-16883

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-16883
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-16883.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-16883
Downstream
Published
2018-12-19T14:29:00.283Z
Modified
2026-02-24T01:13:11.757394Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers.

References

Affected packages

Git / pagure.io/SSSD/sssd

Affected ranges

Type
GIT
Repo
https://pagure.io/SSSD/sssd
Events
Introduced
9e0a2ea88a09cff98f4cb53d64bd805181817998
Fixed
38fb7c1ac5c60153b99d58f5be9ecadf5ce4363c

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-16883.json"