CVE-2018-16838

Published: 25 March 2019

A flaw was found in the sssd Group Policy Objects (GPO) implementation. When a GPO is not readable by SSSD because of overly strict permission settings on the server side, SSSD allows all authenticated users to log in instead of denying access.

Notes

Author: mdeslaur
Note: introduced in https://github.com/SSSD/sssd/commit/60cab26b12

Priority

Low

CVSS 3 base score: 5.4

Status

Package: sssd (Launchpad, Ubuntu, Debian)

Release    Status
bionic     Released (1.16.1-1ubuntu1.8)
cosmic     Ignored (reached end-of-life)
disco      Ignored (reached end-of-life)
eoan       Not vulnerable (2.2.0-4ubuntu1)
focal      Not vulnerable (2.2.2-1)
groovy     Not vulnerable (2.2.2-1)
hirsute    Not vulnerable (2.2.2-1)
impish     Not vulnerable (2.2.2-1)
jammy      Not vulnerable (2.2.2-1)
precise    Does not exist
trusty     Does not exist (trusty was deferred [2019-04-23])
upstream   Released (2.2.0-1)
xenial     Needed

Patches:
upstream: https://pagure.io/SSSD/sssd/c/ad058011b6b75b15c674be46a3ae9b3cc5228175