Lucene search
HistoryFeb 01, 2023 - 5:15 p.m.
CVE-2022-4254
sssd
certificate data
ldap filters
sanitise
cve-2022-4254
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.6 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
51.7%
sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters
Affected configurations
Node
fedoraprojectsssdRange1.15.3–2.3.1
Node
redhatenterprise_linuxMatch8.0
ORredhatenterprise_linux_desktopMatch7.0
ORredhatenterprise_linux_for_ibm_z_systemsMatch7.0
ORredhatenterprise_linux_for_power_big_endianMatch7.0
ORredhatenterprise_linux_for_power_little_endianMatch7.0
ORredhatenterprise_linux_for_scientific_computingMatch7.0
ORredhatenterprise_linux_serverMatch7.0
ORredhatenterprise_linux_server_ausMatch8.2
ORredhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsMatch8.1
ORredhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsMatch8.2
ORredhatenterprise_linux_server_tusMatch8.2
ORredhatenterprise_linux_server_update_services_for_sap_solutionsMatch8.1
ORredhatenterprise_linux_workstationMatch7.0
Related
redhat
redhat
(RHSA-2023:0442) Important: sssd security update
2023-01-24 15:04:25
(RHSA-2023:0397) Important: sssd security update
2023-01-24 08:28:46
(RHSA-2023:0403) Important: sssd security and bug fix update
2023-01-24 09:46:55
openvas
openvas
openSUSE: Security Advisory for sssd (SUSE-SU-2023:0204-1)
2024-03-04 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:0300-1)
2023-02-08 00:00:00
CentOS: Security Advisory for libipa_hbac (CESA-2023:0403)
2023-01-31 00:00:00
nessus
nessus
RHEL 8 : sssd (RHSA-2023:0397)
2023-01-24 00:00:00
SUSE SLES12 Security Update : sssd (SUSE-SU-2023:0200-1)
2023-01-28 00:00:00
EulerOS 2.0 SP10 : sssd (EulerOS-SA-2023-1963)
2023-05-18 00:00:00
cve
cve
CVE-2022-4254
2023-02-01 17:15:09
veracode
veracode
LDAP Injection
2023-02-04 15:11:25
ubuntucve
ubuntucve
CVE-2022-4254
2023-02-01 00:00:00
debiancve
debiancve
CVE-2022-4254
2023-02-01 17:15:09
centos
centos
cvelist
cvelist
CVE-2022-4254
2023-02-01 00:00:00
oraclelinux
oraclelinux
sssd security and bug fix update
2023-01-24 00:00:00
amazon
amazon
Important: sssd
2023-03-17 16:34:00
Important: sssd
2023-03-30 22:50:00
redhatcve
redhatcve
CVE-2022-4254
2023-01-24 08:05:19
osv
osv
sssd vulnerability
2023-06-12 12:00:14
CVE-2022-4254
2023-02-01 17:15:09
sssd - security update
2023-05-29 00:00:00
prion
prion
Design/Logic Flaw
2023-02-01 17:15:00
ubuntu
ubuntu
SSSD vulnerability
2023-06-12 00:00:00
debian
debian
[SECURITY] [DLA 3436-2] sssd regression update
2023-05-31 16:14:02
[SECURITY] [DLA 3436-1] sssd security update
2023-05-29 13:43:53
f5
f5
K000136157 : sssd vulnerability CVE-2022-4254
2023-09-12 00:00:00
ibm
ibm
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
8.6 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
51.7%
Related for NVD:CVE-2022-4254