CVE-2019-3811 — MEDIUM (5.2)

Q: How severe is CVE-2019-3811?

CVE-2019-3811 has been rated MEDIUM with a CVSS base score of 5.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2019-3811?

Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Sssd, Debian Debian Linux, Fedoraproject Fedora, Opensuse Leap, Redhat Enterprise Linux.

Vulnerability Description

A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.

CVSS Score

5.2

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

HIGH

Affected Products

Vendor	Product	Versions
Fedoraproject	Sssd	< 2.1
Debian	Debian Linux	8.0
Fedoraproject	Fedora	-
Opensuse	Leap	15.0
Redhat	Enterprise Linux	7.0

Related Weaknesses (CWE)

CWE-552 CWE-200

References

http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00026.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00045.htmlMailing ListThird Party Advisory
http://www.securityfocus.com/bid/106644Broken Link
https://access.redhat.com/errata/RHSA-2019:2177Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3811Issue TrackingPatchVendor Advisory
https://lists.debian.org/debian-lts-announce/2019/01/msg00011.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html
http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00026.htmlMailing ListThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00045.htmlMailing ListThird Party Advisory
http://www.securityfocus.com/bid/106644Broken Link
https://access.redhat.com/errata/RHSA-2019:2177Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3811Issue TrackingPatchVendor Advisory
https://lists.debian.org/debian-lts-announce/2019/01/msg00011.htmlMailing ListThird Party Advisory
https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html

FAQ

What is CVE-2019-3811?

CVE-2019-3811 is a vulnerability with a CVSS score of 5.2 (MEDIUM). A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impa...

How severe is CVE-2019-3811?

CVE-2019-3811 has been rated MEDIUM with a CVSS base score of 5.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2019-3811?

Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Sssd, Debian Debian Linux, Fedoraproject Fedora, Opensuse Leap, Redhat Enterprise Linux.