CVE-2023-3758

CWE-362 — Race Condition CWE-2857 documents7 sources

Severity

7.1HIGH

EPSS

0.0%

top 91.89%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fedoraproject Sssd Fedoraproject Fedora Redhat Codeready Linux Builder +20 more

Timeline

PublishedApr 18

Latest updateJun 17

Description

A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.

CVSS vector

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages5 packages

▶NVDfedoraproject/sssd< 2.9.5

▶Debiansssd< 2.4.1-2+deb11u1+3

▶NVDredhat/virtualization_host4.0

▶NVDredhat/codeready_linux_builder7 versions+6

▶NVDredhat/enterprise_linux_update_services6 versions+5

Also affects: Fedora 38, 39, 40, Enterprise Linux 8.0, 8.6, 8.8, 9.0, 9.2, 9.4, 9.6

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

CVEList

Sssd: race condition during authorization leads to gpo policies functioning inconsistently↗2024-04-18

▶

OSV

CVE-2023-3758: A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users↗2024-04-18

▶

GHSA

GHSA-7pwr-cfrc-px4f: A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users↗2024-04-18

▶

📋Vendor Advisories

Ubuntu

SSSD vulnerability↗2024-06-17

▶

Red Hat

sssd: Race condition during authorization leads to GPO policies functioning inconsistently↗2024-04-16

▶

Debian

CVE-2023-3758: sssd - A race condition flaw was found in sssd where the GPO policy is not consistently...↗2023

▶