CVE-2018-16838
Summary
| CVE | CVE-2018-16838 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2019-03-25 18:29:00 UTC |
|---|
| Updated | 2023-05-29 17:15:00 UTC |
|---|
| Description | A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Red Hat Customer Portal |
REDHAT |
access.redhat.com |
|
| [security-announce] openSUSE-SU-2019:1589-1: moderate: Security update f |
SUSE |
lists.opensuse.org |
|
| [security-announce] openSUSE-SU-2019:1576-1: moderate: Security update f |
SUSE |
lists.opensuse.org |
|
| Red Hat Customer Portal |
REDHAT |
access.redhat.com |
|
| CVE-2018-16838 - Red Hat Customer Portal |
MISC |
access.redhat.com |
|
| Red Hat Customer Portal |
REDHAT |
access.redhat.com |
|
| 1640820 – (CVE-2018-16838) CVE-2018-16838 sssd: improper implementation of GPOs due to too restrictive permissions |
MISC |
bugzilla.redhat.com |
|
| 1640820 – (CVE-2018-16838) CVE-2018-16838 sssd: improper implementation of GPOs due to too restrictive permissions |
CONFIRM |
bugzilla.redhat.com |
Issue Tracking, Third Party Advisory |
| [SECURITY] [DLA 3436-1] sssd security update |
MISC |
lists.debian.org |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 181811 Debian Security Update for sssd (DLA 3436-1)
- 198490 Ubuntu Security Notification for SSSD Vulnerabilities (USN-5067-1)
- 377523 Alibaba Cloud Linux Security Update for sssd (ALINUX2-SA-2019:0093)
