View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2017-12173 severity low: SUSE including 399 source package names (libipa_hbac-1.15.2-50.el7_4.8, libipa_hbac-devel, …), 866 product×package rows across 62 product lines (SLES for SAP Applications 11 SP3, SUSE CaaS Platform 4.0, … (62 product lines)): Fixed 503, Known Not Affected 363.
It was found that sssd's sysdb_search_user_by_upn_res() function before 1.16.0 did not sanitize requests when querying its local cache and was vulnerable to injection. In a centralized login environment, if a password hash was locally cached for a given user, an authenticated attacker could use this flaw to retrieve it.