sssd is vulnerable to information disclosure. The set of sudo rules in SSSD-sudo responder is configured with insecure permissions which would allow any user using the same raw protocol to read sudo rules for any user.
www.securityfocus.com/bid/104547
access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/7.6_release_notes/index
access.redhat.com/errata/RHSA-2018:3158
access.redhat.com/security/updates/classification/#low
bugzilla.redhat.com/show_bug.cgi?id=1385665
bugzilla.redhat.com/show_bug.cgi?id=1416528
bugzilla.redhat.com/show_bug.cgi?id=1459348
bugzilla.redhat.com/show_bug.cgi?id=1509691
bugzilla.redhat.com/show_bug.cgi?id=1514061
bugzilla.redhat.com/show_bug.cgi?id=1516266
bugzilla.redhat.com/show_bug.cgi?id=1522928
bugzilla.redhat.com/show_bug.cgi?id=1534749
bugzilla.redhat.com/show_bug.cgi?id=1537272
bugzilla.redhat.com/show_bug.cgi?id=1537279
bugzilla.redhat.com/show_bug.cgi?id=1538555
bugzilla.redhat.com/show_bug.cgi?id=1546754
bugzilla.redhat.com/show_bug.cgi?id=1558498
bugzilla.redhat.com/show_bug.cgi?id=1562025
bugzilla.redhat.com/show_bug.cgi?id=1565774
bugzilla.redhat.com/show_bug.cgi?id=1566782
bugzilla.redhat.com/show_bug.cgi?id=1571526
bugzilla.redhat.com/show_bug.cgi?id=1577335
bugzilla.redhat.com/show_bug.cgi?id=1578291
bugzilla.redhat.com/show_bug.cgi?id=1583251
bugzilla.redhat.com/show_bug.cgi?id=1583725
bugzilla.redhat.com/show_bug.cgi?id=1600822
bugzilla.redhat.com/show_bug.cgi?id=1602781
bugzilla.redhat.com/show_bug.cgi?id=1607313
bugzilla.redhat.com/show_bug.cgi?id=1610667
bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852
lists.debian.org/debian-lts-announce/2018/07/msg00019.html