Filtered by vendor Sssd
Subscriptions
Total
2 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2026-14476 | 2 Redhat, Sssd | 4 Enterprise Linux, Openshift, Openshift Container Platform and 1 more | 2026-07-10 | 8 High |
| A path traversal flaw was found in SSSD's AD GPO provider. The ad_gpo_extract_smb_components() function does not sanitize .. sequences in the gPCFileSysPath LDAP attribute, allowing an attacker with AD GPO management access to write files outside the GPO cache directory as root. On default RHEL configurations with SELinux enforcing, this can be used to inject Kerberos configuration leading to authentication bypass. | ||||
| CVE-2026-12610 | 2 Redhat, Sssd | 6 Enterprise Linux, Hardened Images, Hummingbird and 3 more | 2026-07-01 | 6.4 Medium |
| A flaw was found in sssd. When authenticating with a YubiKey, the SSSD PAM responder can crash due to a use-after-free vulnerability, where a memory pointer is incorrectly handled. A local attacker could exploit this flaw by manipulating smartcard or YubiKey contents, leading to a denial of service that disrupts authentication. This vulnerability also presents a potential for privilege escalation, although it is difficult to exploit. | ||||
Page 1 of 1.