// For flags

CVE-2022-4254

sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

2
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

sssd: libsss_certmap fails to sanitise certificate data used in LDAP filters

A vulnerability was found in SSSD, in the libsss_certmap functionality. PKINIT enables a client to authenticate to the KDC using an X.509 certificate and the corresponding private key, rather than a passphrase or keytab. FreeIPA uses mapping rules to map a certificate presented during a PKINIT authentication request to the corresponding principal. The mapping filter is vulnerable to LDAP filter injection. The search result can be influenced by values in the certificate, which may be attacker controlled. In the most extreme case, an attacker could gain control of the admin account, leading to full domain takeover.

The System Security Services Daemon service provides a set of daemons to manage access to remote directories and authentication mechanisms. It also provides the Name Service Switch and the Pluggable Authentication Modules interfaces toward the system, and a pluggable back-end system to connect to multiple different account sources.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
Poc
Automatable
No
Tech. Impact
Total
* Organization's Worst-case Scenario
Timeline
  • 2022-12-01 CVE Reserved
  • 2023-01-24 CVE Published
  • 2025-03-27 CVE Updated
  • 2025-03-27 First Exploit
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Fedoraproject
Search vendor "Fedoraproject"
 Sssd
Search vendor "Fedoraproject" for product "Sssd"
 >= 1.15.3 < 2.3.1
Search vendor "Fedoraproject" for product "Sssd" and version " >= 1.15.3 < 2.3.1"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux
Search vendor "Redhat" for product "Enterprise Linux"
 8.0
Search vendor "Redhat" for product "Enterprise Linux" and version "8.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Desktop
Search vendor "Redhat" for product "Enterprise Linux Desktop"
 7.0
Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux For Ibm Z Systems
Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems"
 7.0
Search vendor "Redhat" for product "Enterprise Linux For Ibm Z Systems" and version "7.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux For Power Big Endian
Search vendor "Redhat" for product "Enterprise Linux For Power Big Endian"
 7.0
Search vendor "Redhat" for product "Enterprise Linux For Power Big Endian" and version "7.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux For Power Little Endian
Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian"
 7.0
Search vendor "Redhat" for product "Enterprise Linux For Power Little Endian" and version "7.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux For Scientific Computing
Search vendor "Redhat" for product "Enterprise Linux For Scientific Computing"
 7.0
Search vendor "Redhat" for product "Enterprise Linux For Scientific Computing" and version "7.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server
Search vendor "Redhat" for product "Enterprise Linux Server"
 7.0
Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server Aus
Search vendor "Redhat" for product "Enterprise Linux Server Aus"
 8.2
Search vendor "Redhat" for product "Enterprise Linux Server Aus" and version "8.2"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions"
 8.1
Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions" and version "8.1"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions
Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions"
 8.2
Search vendor "Redhat" for product "Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions" and version "8.2"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server Tus
Search vendor "Redhat" for product "Enterprise Linux Server Tus"
 8.2
Search vendor "Redhat" for product "Enterprise Linux Server Tus" and version "8.2"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server Update Services For Sap Solutions
Search vendor "Redhat" for product "Enterprise Linux Server Update Services For Sap Solutions"
 8.1
Search vendor "Redhat" for product "Enterprise Linux Server Update Services For Sap Solutions" and version "8.1"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Workstation
Search vendor "Redhat" for product "Enterprise Linux Workstation"
 7.0
Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0"
-
Affected