sssd (SUSE:Linux Enterprise Server 12 SP3) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 12 SP3 package sssd, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (4)
CVE-2018-16838 — CVSS 5.4 (medium): A flaw was found in sssd Group Policy Objects implementation. When the GPO is not readable by SSSD due to a too strict permission settings…
CVE-2019-3811 — CVSS 5.2 (medium): A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' (the root directory) instead…
CVE-2017-12173 — CVSS 4.3 (medium): It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and…
CVE-2018-10852 — CVSS 3.8 (low): The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone…