CVE-2017-7488

MEDIUM

Authconfig <6.2.8 - Info Disclosure

Title source: llm
STIX 2.1

Description

Authconfig version 6.2.8 is vulnerable to an Information exposure while using SSSD to authenticate against remote server resulting in the leak of information about existing usernames.

References (4)

Core 4
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/101784
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2017:2285
Issue Tracking, Patch, Third Party Advisory, VDB Entry x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1441604

Scores

CVSS v3 4.3
EPSS 0.0144
EPSS Percentile 70.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (2)
authconfig/authconfig 6.2.8
authconfig_project/authconfig 6.2.8
Published May 16, 2017
Tracked Since Feb 18, 2026