{"id":"CVE-2019-3811","details":"A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty string / no home directory). This could impact services that restrict the user's filesystem access to within their home directory through chroot() etc. All versions before 2.1 are vulnerable.","modified":"2026-04-16T01:38:14.145796830Z","published":"2019-01-15T15:29:00.360Z","related":["SUSE-SU-2019:0542-1","SUSE-SU-2019:0552-1","SUSE-SU-2019:0556-1","SUSE-SU-2019:0805-1","openSUSE-SU-2019:0344-1","openSUSE-SU-2024:13446-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","extracted_events":[{"last_affected":"8.0"}],"cpe":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"15.0"}],"cpe":"cpe:2.3:o:opensuse:leap:15.0:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"42.3"}],"cpe":"cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*"},{"source":"CPE_FIELD","extracted_events":[{"last_affected":"7.0"}],"cpe":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*"}]},"references":[{"type":"WEB","url":"http://www.securityfocus.com/bid/106644"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00026.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00045.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2019:2177"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/01/msg00011.html"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3811"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sssd/sssd","events":[{"introduced":"0"},{"fixed":"3aee2b3a83e3a7c0fda11927fd84424e4d473fa4"}],"database_specific":{"source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"fixed":"2.1"}],"cpe":"cpe:2.3:a:fedoraproject:sssd:*:*:*:*:*:*:*:*"}}],"versions":["sssd-0_2_0","sssd-0_2_1","sssd-0_3_1","sssd-0_3_2","sssd-0_3_3","sssd-0_4_0","sssd-0_4_1","sssd-0_5_0","sssd-0_6_0","sssd-0_7_0","sssd-0_99_0","sssd-1_0_99","sssd-1_10_0","sssd-1_10_90","sssd-1_10_92","sssd-1_10_alpha1","sssd-1_10_beta1","sssd-1_10_beta2","sssd-1_11_0","sssd-1_11_0_beta1","sssd-1_11_0_beta2","sssd-1_11_90","sssd-1_11_91","sssd-1_12_0","sssd-1_12_0_beta1","sssd-1_12_0_beta2","sssd-1_12_1","sssd-1_12_2","sssd-1_12_3","sssd-1_12_90","sssd-1_13_0","sssd-1_13_0_alpha","sssd-1_13_1","sssd-1_13_90","sssd-1_13_91","sssd-1_14_0","sssd-1_14_0_alpha1","sssd-1_14_0_beta1","sssd-1_14_1","sssd-1_14_2","sssd-1_15_0","sssd-1_15_1","sssd-1_15_2","sssd-1_15_3","sssd-1_16_0","sssd-1_16_1","sssd-1_16_2","sssd-1_16_3","sssd-1_2_91","sssd-1_3_0","sssd-1_4_0","sssd-1_5_0","sssd-1_5_1","sssd-1_6_0","sssd-1_8_91","sssd-1_8_92","sssd-1_8_93","sssd-1_8_94","sssd-1_8_95","sssd-1_8_96","sssd-1_8_97","sssd-1_8_98","sssd-1_9_0","sssd-1_9_0_beta1","sssd-1_9_0_beta2","sssd-1_9_0_beta3","sssd-1_9_0_beta4","sssd-1_9_0_beta5","sssd-1_9_0_beta6","sssd-1_9_0_beta7","sssd-1_9_0_rc1","sssd-1_9_1","sssd-1_9_2","sssd-1_9_91","sssd-1_9_92","sssd-1_9_93","sssd-1_9_94"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-3811.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H"}]}