7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
sssd is vulnerable to information disclosure. The set of sudo rules in SSSD-sudo responder is configured with insecure permissions which would allow any user using the same raw protocol to read sudo rules for any user.
www.securityfocus.com/bid/104547
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index
access.redhat.com/errata/RHSA-2018:3158
access.redhat.com/security/updates/classification/#low
bugzilla.redhat.com/show_bug.cgi?id=1385665
bugzilla.redhat.com/show_bug.cgi?id=1416528
bugzilla.redhat.com/show_bug.cgi?id=1459348
bugzilla.redhat.com/show_bug.cgi?id=1509691
bugzilla.redhat.com/show_bug.cgi?id=1514061
bugzilla.redhat.com/show_bug.cgi?id=1516266
bugzilla.redhat.com/show_bug.cgi?id=1522928
bugzilla.redhat.com/show_bug.cgi?id=1534749
bugzilla.redhat.com/show_bug.cgi?id=1537272
bugzilla.redhat.com/show_bug.cgi?id=1537279
bugzilla.redhat.com/show_bug.cgi?id=1538555
bugzilla.redhat.com/show_bug.cgi?id=1546754
bugzilla.redhat.com/show_bug.cgi?id=1558498
bugzilla.redhat.com/show_bug.cgi?id=1562025
bugzilla.redhat.com/show_bug.cgi?id=1565774
bugzilla.redhat.com/show_bug.cgi?id=1566782
bugzilla.redhat.com/show_bug.cgi?id=1571526
bugzilla.redhat.com/show_bug.cgi?id=1577335
bugzilla.redhat.com/show_bug.cgi?id=1578291
bugzilla.redhat.com/show_bug.cgi?id=1583251
bugzilla.redhat.com/show_bug.cgi?id=1583725
bugzilla.redhat.com/show_bug.cgi?id=1600822
bugzilla.redhat.com/show_bug.cgi?id=1602781
bugzilla.redhat.com/show_bug.cgi?id=1607313
bugzilla.redhat.com/show_bug.cgi?id=1610667
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852
lists.debian.org/debian-lts-announce/2018/07/msg00019.html
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N