A flaw was found in the SSSD Group Policy Objects implementation. When the GPO is not readable by SSSD due to too strict permission settings on the server side, SSSD will allow all authenticated users to log in instead of denying access.
Upstream fix: https://pagure.io/SSSD/sssd/c/ad058011b6b75b15c674be46a3ae9b3cc5228175
Reference: https://pagure.io/SSSD/sssd/issue/3867
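A configuration audit related to the fail-open behaviour described above, as an added example that is not part of this bug report or of the SSSD project's code. It flags AD domains in an sssd.conf where GPO rules are not enforced or where unreadable GPOs are skipped. The option names `ad_gpo_access_control` and `ad_gpo_ignore_unreadable` come from sssd-ad(5), not from this page, and the sample configuration is constructed.

```python
import configparser

# Constructed sample sssd.conf; domain names and values are illustrative only.
SAMPLE_CONF = """
[sssd]
domains = corp.example, lab.example, legacy.example

[domain/corp.example]
access_provider = ad
ad_gpo_access_control = enforcing

[domain/lab.example]
access_provider = ad
ad_gpo_access_control = enforcing
ad_gpo_ignore_unreadable = True

[domain/legacy.example]
access_provider = ad
ad_gpo_access_control = permissive
"""

def audit_gpo_settings(conf_text):
    """Return {domain: [findings]} for domains using the AD access provider.
    An empty list means no GPO setting was found that lets a login bypass GPO rules."""
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(conf_text)
    report = {}
    for section in cp.sections():
        if not section.startswith("domain/"):
            continue  # [sssd], [pam], [nss] and similar carry no GPO options
        opts = cp[section]
        if opts.get("access_provider", "").strip().lower() != "ad":
            continue  # GPO-based access control is a feature of the AD access provider
        findings = []
        mode = opts.get("ad_gpo_access_control")
        if mode is None:
            findings.append("ad_gpo_access_control not set: check the sssd-ad(5) default for the installed version")
        elif mode.strip().lower() != "enforcing":
            findings.append(f"ad_gpo_access_control = {mode.strip()}: GPO rules are not enforced")
        if opts.getboolean("ad_gpo_ignore_unreadable", fallback=False):
            findings.append("ad_gpo_ignore_unreadable = True: unreadable GPOs are skipped instead of denying access")
        report[section[len("domain/"):]] = findings
    return report
```

To audit a real host, pass the contents of `/etc/sssd/sssd.conf` (and any snippets under `conf.d`, which this example does not merge) to `audit_gpo_settings`.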
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2019:2177 https://access.redhat.com/errata/RHSA-2019:2177
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2018-16838
This issue has been addressed in the following products: Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 Via RHSA-2019:2437 https://access.redhat.com/errata/RHSA-2019:2437
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2019:3651 https://access.redhat.com/errata/RHSA-2019:3651