CVE-2018-16883

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-16883
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16883.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-16883
Downstream
Published
2018-12-19T14:29:00.283Z
Modified
2026-03-10T14:35:00.173487Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers.

References

Affected packages

Git / github.com/sssd/sssd

Affected ranges

Type
GIT
Repo
https://github.com/sssd/sssd
Events
Introduced
9e0a2ea88a09cff98f4cb53d64bd805181817998
Fixed
38fb7c1ac5c60153b99d58f5be9ecadf5ce4363c
Database specific 
{
    "versions": [
        {
            "introduced": "1.13.0"
        },
        {
            "fixed": "2.0.0"
        }
    ]
}

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-16883.json"