5.2
CVE-2019-3811
- EPSS 0.16%
- Published 15.01.2019 15:29:00
- Last modified 21.11.2024 04:42:35
- Source secalert@redhat.com
- Teams watchlist Login
- Open Login
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.
Data is provided by the National Vulnerability Database (NVD)
Fedoraproject ≫ Sssd Version < 2.1
Debian ≫ Debian Linux Version8.0
Fedoraproject ≫ Fedora Version-
Redhat ≫ Enterprise Linux Version7.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.37 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 5.2 | 1.5 | 3.6 |
CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 2.7 | 5.1 | 2.9 |
AV:A/AC:L/Au:S/C:N/I:N/A:P
|
| secalert@redhat.com | 4.1 | 2.3 | 1.4 |
CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-552 Files or Directories Accessible to External Parties
The product makes files or directories accessible to unauthorized actors, even though they should not be.