CVE-2023-3758

high

Description

A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.

References

Advisories
More

https://access.redhat.com/errata/RHSA-2024:3270

https://access.redhat.com/errata/RHSA-2024:2571

https://access.redhat.com/errata/RHSA-2024:1922

https://access.redhat.com/errata/RHSA-2024:1921

https://access.redhat.com/errata/RHSA-2024:1920

https://access.redhat.com/errata/RHSA-2024:1919

https://lists.fedoraproject.org/archives/list/[email protected]/message/XMORAO2BDDA5YX4ZLMXDZ7SM6KU47SY5/

https://lists.fedoraproject.org/archives/list/[email protected]/message/XEP62IDS7A55D5UHM6GH7QZ7SQFOAPVF/

https://lists.fedoraproject.org/archives/list/[email protected]/message/RV3HIZI3SURBUQKSOOL3XE64OOBQ2HTK/

https://github.com/SSSD/sssd/pull/7302

https://bugzilla.redhat.com/show_bug.cgi?id=2223762

https://access.redhat.com/security/cve/CVE-2023-3758

Details

Source: Mitre, NVD

Published: 2024-04-18

Updated: 2025-02-06

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:A/AC:H/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

EPSS

EPSS: 0.00207

Detections

Analytics