Vulnerability in Fedoraproject Sssd
CVE-2013-0287
The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce the simple_deny_groups option, which allows remote authenticated users to bypas…
EPSS: 0.022 (79.8th percentile) — read the EPSS interpretation.
Affected products
- Fedoraproject Sssd — versions 1.9.0, 1.9.1, 1.9.2
- N/a — versions n/a
Weakness classification (CWE)
References
- secalert@redhat.com (vendor-advisory, x_refsource_SUSE)
- secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Patch)
- secalert@redhat.com (x_refsource_CONFIRM, Patch)
- secalert@redhat.com (x_refsource_MISC)
- secalert@redhat.com (mailing-list, x_refsource_MLIST)
- secalert@redhat.com (x_refsource_CONFIRM, Patch)
- secalert@redhat.com (vdb-entry, x_refsource_BID)
- secalert@redhat.com (x_refsource_SECUNIA, Vendor Advisory, third-party-advisory)
- secalert@redhat.com (x_refsource_CONFIRM, Patch)