Fedoraproject Sssd
18 CVEs affecting Fedoraproject Sssd. Latest disclosed: 2024-04-18. Critical: 0, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2022-4254 | High | 8.8 | 2023-02-01 | sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters |
| CVE-2021-3621 | High | 8.8 | 2021-12-23 | A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows… |
| CVE-2012-3462 | High | 8.8 | 2019-12-26 | A flaw was found in SSSD version 1.9.0. The SSSD's access-provider logic causes the result of the HBAC rule processing to be ignored in the event that the acce… |
| CVE-2023-3758 | High | 7.1 | 2024-04-18 | A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issue… |
| CVE-2018-16838 | Medium | 5.4 | 2019-03-25 | A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings on the server side… |
| CVE-2019-3811 | Medium | 5.2 | 2019-01-15 | A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead of '' (the empty str… |
| CVE-2017-12173 | Medium | 4.3 | 2018-07-27 | It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to in… |
| CVE-2018-10852 | Low | 3.8 | 2018-06-26 | The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a mess… |
| CVE-2018-16883 | Low | 2.5 | 2018-12-19 | sssd versions from 1.13.0 to before 2.0.0 did not properly restrict access to the infopipe according to the "allowed_uids" configuration parameter. If sensitiv… |
| CVE-2015-5292 | | | 2015-10-29 | Memory leak in the Privilege Attribute Certificate (PAC) responder plugin (sssd_pac_plugin.so) in System Security Services Daemon (SSSD) 1.10 before 1.13.1 all… |
| CVE-2014-0249 | | | 2014-06-11 | The System Security Services Daemon (SSSD) 1.11.6 does not properly identify group membership when a non-POSIX group is in a group membership chain, which allo… |
| CVE-2013-0287 | | | 2013-03-21 | The Simple Access Provider in System Security Services Daemon (SSSD) 1.9.0 through 1.9.4, when the Active Directory provider is used, does not properly enforce… |
| CVE-2013-0220 | | | 2013-02-24 | The (1) sss_autofs_cmd_getautomntent and (2) sss_autofs_cmd_getautomntbyname function in responder/autofs/autofssrv_cmd.c and the (3) ssh_cmd_parse_request fun… |
| CVE-2013-0219 | | | 2013-02-24 | System Security Services Daemon (SSSD) before 1.9.4, when (1) creating, (2) copying, or (3) removing a user home directory tree, allows local users to create… |
| CVE-2011-1758 | | | 2011-05-26 | The krb5_save_ccname_done function in providers/krb5/krb5_auth.c in System Security Services Daemon (SSSD) 1.5.x before 1.5.7, when automatic ticket renewal an… |
| CVE-2010-4341 | | | 2011-01-25 | The pam_parse_in_data_v2 function in src/responder/pam/pamsrv_cmd.c in the PAM responder in SSSD 1.5.0, 1.4.x, and 1.3 allows local users to cause a denial of… |
| CVE-2010-2940 | | | 2010-08-30 | The auth_send function in providers/ldap/ldap_auth.c in System Security Services Daemon (SSSD) 1.3.0, when LDAP authentication and anonymous bind are enabled… |
| CVE-2010-0014 | | | 2010-01-14 | System Security Services Daemon (SSSD) before 1.0.1, when the krb5 auth_provider is configured but the KDC is unreachable, allows physically proximate attacker… |
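Two entries in the table, CVE-2022-4254 (certificate data spliced into LDAP filters by libsss_certmap) and CVE-2017-12173 (an unsanitised UPN query against the local cache, which also uses LDAP-style filters), are the same bug class: attacker-influenced text inserted into a search filter without RFC 4515 escaping. The block below is an added illustration of that class and of the fix, not SSSD's own code: it pairs a naive filter builder with an escaped one and runs both through a minimal filter evaluator (equality with `*` wildcards plus `&`, `|`, `!`) over a small constructed directory, so the widened match from an unescaped `*` is visible. The entry set, attribute names and the `unsafe_filter`/`safe_filter` helpers are assumptions made for the demo.

```python
import re

# RFC 4515: these characters must be hex-escaped inside a filter assertion value.
_LDAP_FILTER_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}


def escape_ldap_filter_value(value: str) -> str:
    """Escape untrusted text for use as an LDAP filter assertion value."""
    return "".join(_LDAP_FILTER_ESCAPES.get(ch, ch) for ch in value)


def unsafe_filter(subject_cn: str) -> str:
    """Vulnerable pattern: certificate-derived text goes straight into the filter."""
    return f"(&(objectClass=posixAccount)(cn={subject_cn}))"


def safe_filter(subject_cn: str) -> str:
    """Hardened pattern: the value is escaped before interpolation."""
    return f"(&(objectClass=posixAccount)(cn={escape_ldap_filter_value(subject_cn)}))"


# --- minimal RFC 4515 subset evaluator (demo only, not a full LDAP implementation) ---

def _parse(filt: str, pos: int):
    """Parse one parenthesised filter starting at filt[pos]; return (node, next_pos)."""
    if filt[pos] != "(":
        raise ValueError(f"expected '(' at {pos}")
    pos += 1
    op = filt[pos]
    if op in "&|!":
        pos += 1
        children = []
        while filt[pos] == "(":
            child, pos = _parse(filt, pos)
            children.append(child)
        if filt[pos] != ")":
            raise ValueError(f"expected ')' at {pos}")
        return (op, children), pos + 1
    end = filt.index(")", pos)          # escaped ')' is '\29', so this is safe
    attr, value = filt[pos:end].split("=", 1)
    return ("=", attr, value), end + 1


def _unescape(s: str) -> str:
    """Turn \\XX hex escapes back into the literal characters they stand for."""
    return re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), s)


def _match_value(pattern: str, actual: str) -> bool:
    """Match an assertion value; unescaped '*' is a wildcard, '\\2a' is a literal '*'."""
    parts = [_unescape(p) for p in pattern.split("*")]
    if len(parts) == 1:
        return parts[0] == actual
    if not actual.startswith(parts[0]) or not actual.endswith(parts[-1]):
        return False
    pos = len(parts[0])
    for part in parts[1:-1]:
        idx = actual.find(part, pos)
        if idx < 0:
            return False
        pos = idx + len(part)
    return pos <= len(actual) - len(parts[-1])


def _evaluate(node, entry) -> bool:
    if node[0] == "=":
        _, attr, pattern = node
        return any(_match_value(pattern, v) for v in entry.get(attr, []))
    op, children = node
    if op == "&":
        return all(_evaluate(c, entry) for c in children)
    if op == "|":
        return any(_evaluate(c, entry) for c in children)
    return not _evaluate(children[0], entry)


def search(filt: str, entries) -> list:
    """Return the DNs of entries matching the filter, in directory order."""
    node, end = _parse(filt, 0)
    if end != len(filt):
        raise ValueError("trailing data after filter")
    return [e["dn"] for e in entries if _evaluate(node, e)]


# Constructed sample directory for the demo.
ALICE_DN = "uid=alice,ou=people,dc=example,dc=com"
BOB_DN = "uid=bob,ou=people,dc=example,dc=com"
DIRECTORY = [
    {"dn": ALICE_DN, "objectClass": ["posixAccount"], "cn": ["Alice Example"], "uid": ["alice"]},
    {"dn": BOB_DN, "objectClass": ["posixAccount"], "cn": ["Bob Example"], "uid": ["bob"]},
    {"dn": "cn=printer1,ou=devices,dc=example,dc=com", "objectClass": ["device"], "cn": ["printer1"]},
]

if __name__ == "__main__":
    for cn in ("Alice Example", "*"):
        print(f"CN={cn!r}: unsafe -> {search(unsafe_filter(cn), DIRECTORY)}, "
              f"safe -> {search(safe_filter(cn), DIRECTORY)}")
```

A legitimate CN resolves to one account either way; a certificate whose CN is a bare `*` turns the unsafe filter into `(cn=*)` and maps to every posixAccount, while the escaped filter `(cn=\2a)` maps to nobody. The same escaping applies to any value taken from a certificate, a UPN or any other caller-supplied string before it reaches an LDAP or LDB query.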