The UNIX pipe which sudo uses to contact SSSD and read the available sudo rules from SSSD has too wide permissions, which means that anyone who can send a message using the same raw protocol that sudo and SSSD use can read the sudo rules available for any user. This affects versions of SSSD before 1.16.3.
https://lists.debian.org/debian-lts-announce/2018/07/msg00019.html
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10852