CVE-2019-3811 MEDIUM

CVE-2019-3811

Vendor The Sssd Project

Product sssd

Weakness CWE-552 · Files accessible externally

Published January 15, 2019

Last update February 13, 2025

View on NVD All CVEs

CVSS base score

4.1/10

Attack vector Adjacent

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity Low

CVSS vector

CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

What the vulnerability does

01Description

A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.

Key dates

02Disclosure timeline

January 15, 2019 CVE published

February 13, 2025 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2019-3811 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/552.html

Related vulnerabilities

CVE-2019-3811

01Description

02Disclosure timeline

03References

04Related CVE