CVE-2023-3758

high

Description

A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.

References

https://lists.fedoraproject.org/archives/list/[email protected]/message/RV3HIZI3SURBUQKSOOL3XE64OOBQ2HTK/

https://github.com/SSSD/sssd/pull/7302

https://bugzilla.redhat.com/show_bug.cgi?id=2223762

https://access.redhat.com/security/cve/CVE-2023-3758

https://access.redhat.com/errata/RHSA-2024:2571

https://access.redhat.com/errata/RHSA-2024:1922

https://access.redhat.com/errata/RHSA-2024:1921

https://access.redhat.com/errata/RHSA-2024:1920

https://access.redhat.com/errata/RHSA-2024:1919

Details

Source: Mitre, NVD

Published: 2024-04-18

Updated: 2024-04-30

Risk Information

CVSS v2

Base Score: 6.5

Vector: CVSS2#AV:A/AC:H/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High

Detections

Analytics