sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
References
Link | Resource |
---|---|
https://access.redhat.com/security/cve/CVE-2022-4254 | Third Party Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=2149894 | Exploit Issue Tracking Patch Third Party Advisory |
https://github.com/SSSD/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274 | Patch Third Party Advisory |
https://github.com/SSSD/sssd/issues/5135 | Exploit Issue Tracking Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/05/msg00028.html |
History
29 May 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
CWE | | |
References | | |
09 Feb 2023, 13:41
Type | Values Removed | Values Added |
---|---|---|
First Time | Redhat enterprise Linux, Redhat enterprise Linux Desktop, Fedoraproject, Redhat, Redhat enterprise Linux Server, Redhat enterprise Linux For Scientific Computing, Redhat enterprise Linux For Power Little Endian, Redhat enterprise Linux For Power Big Endian, Fedoraproject sssd, Redhat enterprise Linux Server Tus, Redhat enterprise Linux Server For Power Little Endian Update Services For Sap Solutions, Redhat enterprise Linux Server Update Services For Sap Solutions, Redhat enterprise Linux Server Aus, Redhat enterprise Linux For Ibm Z Systems, Redhat enterprise Linux Workstation | |
CVSS | v2 : v3 : | v2 : unknown, v3 : 8.8 |
CPE | cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:* cpe:2.3:a:fedoraproject:sssd:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* |
|
References | (MISC) https://github.com/SSSD/sssd/issues/5135 - Exploit, Issue Tracking, Patch, Third Party Advisory | |
References | (MISC) https://github.com/SSSD/sssd/commit/a2b9a84460429181f2a4fa7e2bb5ab49fd561274 - Patch, Third Party Advisory | |
References | (MISC) https://access.redhat.com/security/cve/CVE-2022-4254 - Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=2149894 - Exploit, Issue Tracking, Patch, Third Party Advisory |
01 Feb 2023, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-01 17:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-4254
Mitre link : CVE-2022-4254
CVE.ORG link : CVE-2022-4254
Products Affected
redhat
- enterprise_linux_server_tus
- enterprise_linux_desktop
- enterprise_linux_server
- enterprise_linux_server_update_services_for_sap_solutions
- enterprise_linux_workstation
- enterprise_linux_server_aus
- enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
- enterprise_linux_for_scientific_computing
- enterprise_linux_for_power_big_endian
- enterprise_linux
- enterprise_linux_for_power_little_endian
- enterprise_linux_for_ibm_z_systems
fedoraproject
- sssd
CWE
CWE-90
Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')