CVE-2018-10852
sssd - security update
CVSS 3.1: 7.5 (HIGH)
EPSS: 0.27%
Description
The UNIX pipe that sudo uses to contact SSSD and read the available sudo rules has overly permissive access permissions. As a result, anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3.
How to fix CVE-2018-10852
To remediate CVE-2018-10852, upgrade the affected package to one of the fixed versions listed below.
- Upgrade to 1.16.3-1 or later
- Upgrade to 1.11.7-3+deb8u1 or later
Is CVE-2018-10852 being exploited?
Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 1.16.3-1
- from 0, < 1.11.7-3+deb8u1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |