CVE-2022-4254

Summary

sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters

Affected Software

VendorProductVersion RangeStatus
n/aSSSDAffects SSSD 1.15.3, Fixed in SSSD 2.3.1affected

Weaknesses

  • CWE-90: CWE-90 - Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: total

References