QwikSec

Security Database

CVE

CWE

Training

CVE-2019-3811

Published: Jan 15, 2019

Modified: Feb 13, 2025

PUBLISHED

CVSS v3.0

4.1

MEDIUM

Description

A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.

Vendor	Product	Versions
The sssd Project	sssd	affected `2.1`

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

Low

Availability

None

References

[debian-lts-announce] 20190117 [SECURITY] [DLA 1635-1] sssd security update

mailing-list

x_refsource_MLIST

vdb-entry

x_refsource_BID

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3811

x_refsource_CONFIRM

openSUSE-SU-2019:0344

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2019:1174

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_REDHAT

https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.