CVE-2018-16838

Public on 2019-03-25

Modified on 2019-10-30

Description

A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access.

Severity

Low

See what this means

CVSS v3 Base Score

5.4

See breakdown

Affected Packages

Platform	Package	Release Date	Advisory
Amazon Linux 1	sssd	2019-10-08 21:07	ALAS-2019-1307
Amazon Linux 2 - Core	sssd	2019-10-28 17:45	ALAS2-2019-1343

CVSS Scores

	Score Type	Score	Vector
Amazon Linux	CVSSv3	5.4	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
NVD	CVSSv2	5.5	AV:N/AC:L/Au:S/C:P/I:P/A:N
NVD	CVSSv3	5.4	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

References

Red Hat: CVE-2018-16838 Mitre: CVE-2018-16838 FAQs regarding Amazon Linux ALAS/CVE Severity