rpm package
almalinux/libsss_nss_idmap-devel
pkg:rpm/almalinux/libsss_nss_idmap-devel
Vulnerabilities (3)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-11561 | Hig | 8.8 | < 2.9.4-5.el8_10.3 | 2.9.4-5.el8_10.3 | Oct 9, 2025 | A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is possible. Th | |
| CVE-2023-3758 | Hig | 7.1 | < 2.9.4-6.el9_4 | 2.9.4-6.el9_4 | Apr 18, 2024 | A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately. | |
| CVE-2021-3621 | Hig | 8.8 | < 2.4.0-9.el8_4.2 | 2.4.0-9.el8_4.2 | Dec 23, 2021 | A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access |
- affected < 2.9.4-5.el8_10.3fixed 2.9.4-5.el8_10.3
A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is possible. Th
- affected < 2.9.4-6.el9_4fixed 2.9.4-6.el9_4
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.
- affected < 2.4.0-9.el8_4.2fixed 2.4.0-9.el8_4.2
A flaw was found in SSSD, where the sssctl command was vulnerable to shell command injection via the logs-fetch and cache-expire subcommands. This flaw allows an attacker to trick the root user into running a specially crafted sssctl command, such as via sudo, to gain root access