fedoraproject sssd CVE-2018-10852 vulnerability in Fedora Project and Other Products
Published on June 26, 2018

product logo product logo product logo product logo
The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3.

Vendor Advisory NVD

Weakness Type

What is an Information Disclosure Vulnerability?

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

CVE-2018-10852 has been classified to as an Information Disclosure vulnerability or weakness.


Products Associated with CVE-2018-10852

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-10852 are published in these products:

Fedora Project Sssd
 
Debian Linux
 
Red Hat Enterprise Linux Desktop
 
Red Hat Enterprise Linux Server
 
Red Hat Enterprise Linux Workstation
 
Canonical Ubuntu Linux
 

Affected Versions

[UNKNOWN] sssd Version SSSD 1.16.3 is affected by CVE-2018-10852

Exploit Probability

EPSS
0.30%
Percentile
53.25%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.