{"id":"CVE-2018-10852","details":"The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3.","modified":"2026-04-16T06:20:04.093094058Z","published":"2018-06-26T14:29:02.207Z","related":["SUSE-SU-2018:2144-1","SUSE-SU-2019:0081-1","SUSE-SU-2019:0556-1","openSUSE-SU-2024:11408-1"],"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/07/msg00019.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/104547"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3158"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sssd/sssd","events":[{"introduced":"0"},{"fixed":"61c515aa8484bdbcf2f4bc63c7032ade1c6ec06f"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.16.3"}]}}],"versions":["sssd-0_2_0","sssd-0_2_1","sssd-0_3_1","sssd-0_3_2","sssd-0_3_3","sssd-0_4_0","sssd-0_4_1","sssd-0_5_0","sssd-0_6_0","sssd-0_7_0","sssd-0_99_0","sssd-1_0_99","sssd-1_10_0","sssd-1_10_90","sssd-1_10_92","sssd-1_10_alpha1","sssd-1_10_beta1","sssd-1_10_beta2","sssd-1_11_0","sssd-1_11_0_beta1","sssd-1_11_0_beta2","sssd-1_11_90","sssd-1_11_91","sssd-1_12_0","sssd-1_12_0_beta1","sssd-1_12_0_beta2","sssd-1_12_1","sssd-1_12_2","sssd-1_12_3","sssd-1_12_90","sssd-1_13_0","sssd-1_13_0_alpha","sssd-1_13_1","sssd-1_13_90","sssd-1_13_91","sssd-1_14_0","sssd-1_14_0_alpha1","sssd-1_14_0_beta1","sssd-1_14_1","sssd-1_14_2","sssd-1_15_0","sssd-1_15_1","sssd-1_15_2","sssd-1_15_3","sssd-1_16_0","sssd-1_16_1","sssd-1_16_2","sssd-1_2_91","sssd-1_3_0","sssd-1_4_0","sssd-1_5_0","sssd-1_5_1","sssd-1_6_0","sssd-1_8_91","sssd-1_8_92","sssd-1_8_93","sssd-1_8_94","sssd-1_8_95","sssd-1_8_96","sssd-1_8_97","sssd-1_8_98","sssd-1_9_0","sssd-1_9_0_beta1","sssd-1_9_0_beta2","sssd-1_9_0_beta3","sssd-1_9_0_beta4","sssd-1_9_0_beta5","sssd-1_9_0_beta6","sssd-1_9_0_beta7","sssd-1_9_0_rc1","sssd-1_9_1","sssd-1_9_2","sssd-1_9_91","sssd-1_9_92","sssd-1_9_93","sssd-1_9_94"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-10852.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}