GCVE - cpe:2.3:a:[unknown]:sssd:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:[unknown]:sssd:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	[Unknown] (`5b07108a-8f0c-5d28-ab99-c4ff62adb460`)
Product	Sssd (`cc4fc6a3-388f-5e02-8e47-f3c934abc199`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2018-16883`	vulnerable	2026-06-03 14:38:21.206920	Details available LOW (2.5) sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitive information were stored in the user directory, this could be inadvertently disclosed to local attackers. Published: 2018-12-19T14:00:00.000Z Updated: 2024-08-05T10:32:54.202Z Open on db.gcve.eu Reference links http://www.securityfocus.com/bid/106264 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16883	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-16838`	vulnerable	2026-06-03 14:38:21.060720	Details available MEDIUM (5.4) A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side, SSSD will allow all authenticated users to login instead of denying access. Published: 2019-03-25T17:41:18.000Z Updated: 2025-02-13T16:27:17.428Z Open on db.gcve.eu Reference links https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16838 http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00042.html http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00051.html https://access.redhat.com/errata/RHSA-2019:2177 https://access.redhat.com/errata/RHSA-2019:2437	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2018-10852`	vulnerable	2026-06-03 14:38:00.282210	Details available LOW (3.8) The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3. Published: 2018-06-26T14:00:00.000Z Updated: 2024-08-05T07:46:47.244Z Open on db.gcve.eu Reference links https://lists.debian.org/debian-lts-announce/2018/07/msg00019.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852 https://access.redhat.com/errata/RHSA-2018:3158 http://www.securityfocus.com/bid/104547	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.