{
  "threat_severity" : "Moderate",
  "public_date" : "2018-12-04T00:00:00Z",
  "bugzilla" : {
    "description" : "sssd: fallback_homedir returns '/' for empty home directories in passwd file",
    "id" : "1656618",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1656618"
  },
  "cvss3" : {
    "cvss3_base_score" : "4.1",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-552->CWE-200",
  "details" : [ "A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.", "A vulnerability was found in sssd where, if a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot()." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2019-08-06T00:00:00Z",
    "advisory" : "RHSA-2019:2177",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "sssd-0:1.16.4-21.el7"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Will not fix",
    "package_name" : "sssd",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "sssd",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-3811\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-3811" ],
  "name" : "CVE-2019-3811",
  "csaw" : false
}