CVE-2023-3758
published 2024-04-18CVE-2023-3758: A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization…
high7.1CVSS 3.1
AVAACHPRLUINSUCHIHAH
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.
Affected
84 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | sssd | < sssd 2.8.2-4+deb12u1 (bookworm) | sssd 2.8.2-4+deb12u1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | sssd | < 2.9.5 | 2.9.5 |
| fedoraproject | sssd | >= 0 < 2.4.1-2+deb11u1 | 2.4.1-2+deb11u1 |
| fedoraproject | sssd | >= 0 < 2.8.2-4+deb12u1 | 2.8.2-4+deb12u1 |
| fedoraproject | sssd | >= 0 < 2.9.5-1 | 2.9.5-1 |
| fedoraproject | sssd | >= 0 < 2.9.5-1 | 2.9.5-1 |
| redhat | codeready_linux_builder | — | — |
| redhat | codeready_linux_builder_eus | — | — |
| redhat | codeready_linux_builder_eus | — | — |
| redhat | codeready_linux_builder_eus | — | — |
| redhat | codeready_linux_builder_eus | — | — |
| redhat | codeready_linux_builder_eus | — | — |
| redhat | codeready_linux_builder_eus | — | — |
| redhat | codeready_linux_builder_for_arm64 | — | — |
| redhat | codeready_linux_builder_for_arm64_eus | — | — |
| redhat | codeready_linux_builder_for_arm64_eus | — | — |
| redhat | codeready_linux_builder_for_arm64_eus | — | — |
| redhat | codeready_linux_builder_for_arm64_eus | — | — |
| redhat | codeready_linux_builder_for_arm64_eus | — | — |
| redhat | codeready_linux_builder_for_arm64_eus | — | — |
| redhat | codeready_linux_builder_for_ibm_z_systems | — | — |
| redhat | codeready_linux_builder_for_ibm_z_systems_eus | — | — |
CVSS provenance
nvdv3.17.1HIGHCVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
osv7.1HIGH