CVE-2023-3758

A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.
Race Condition
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.1 HIGH
ADJACENT_NETWORK
HIGH
LOW
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
redhatCNA
7.1 HIGH
ADJACENT_NETWORK
HIGH
LOW
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
7.1 HIGH
ADJACENT_NETWORK
HIGH
LOW
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 4%
VendorProductVersion
fedoraprojectsssd
𝑥
< 2.9.5
redhatcodeready_linux_builder
8.0
redhatcodeready_linux_builder_eus
8.6
redhatcodeready_linux_builder_eus
8.8
redhatcodeready_linux_builder_eus
9.0
redhatcodeready_linux_builder_eus
9.2
redhatcodeready_linux_builder_eus
9.4
redhatcodeready_linux_builder_eus
9.6
redhatcodeready_linux_builder_for_arm64
8.0_aarch64:_aarch64
redhatcodeready_linux_builder_for_arm64_eus
8.6_aarch64:_aarch64
redhatcodeready_linux_builder_for_arm64_eus
8.8_aarch64:_aarch64
redhatcodeready_linux_builder_for_arm64_eus
9.0_aarch64:_aarch64
redhatcodeready_linux_builder_for_arm64_eus
9.2_aarch64:_aarch64
redhatcodeready_linux_builder_for_arm64_eus
9.4_aarch64:_aarch64
redhatcodeready_linux_builder_for_arm64_eus
9.6_aarch64:_aarch64
redhatcodeready_linux_builder_for_ibm_z_systems
8.0_s390x:_s390x
redhatcodeready_linux_builder_for_ibm_z_systems_eus
8.6_s390x:_s390x
redhatcodeready_linux_builder_for_ibm_z_systems_eus
8.8_s390x:_s390x
redhatcodeready_linux_builder_for_ibm_z_systems_eus
9.0_s390x:_s390x
redhatcodeready_linux_builder_for_ibm_z_systems_eus
9.2_s390x:_s390x
redhatcodeready_linux_builder_for_ibm_z_systems_eus
9.4_s390x:_s390x
redhatcodeready_linux_builder_for_ibm_z_systems_eus
9.6_s390x:_s390x
redhatcodeready_linux_builder_for_power_little_endian
8.0_ppc64le:_ppc64le
redhatcodeready_linux_builder_for_power_little_endian_eus
8.6_ppc64le:_ppc64le
redhatcodeready_linux_builder_for_power_little_endian_eus
8.8_ppc64le:_ppc64le
redhatcodeready_linux_builder_for_power_little_endian_eus
9.0_ppc64le:_ppc64le
redhatcodeready_linux_builder_for_power_little_endian_eus
9.2_ppc64le:_ppc64le
redhatcodeready_linux_builder_for_power_little_endian_eus
9.4_ppc64le:_ppc64le
redhatcodeready_linux_builder_for_power_little_endian_eus
9.6_ppc64le:_ppc64le
redhatvirtualization_host
4.0
redhatenterprise_linux
8.0
redhatenterprise_linux_eus
8.6
redhatenterprise_linux_eus
8.8
redhatenterprise_linux_eus
9.0
redhatenterprise_linux_eus
9.2
redhatenterprise_linux_eus
9.4
redhatenterprise_linux_eus
9.6
redhatenterprise_linux_for_arm_64
8.0_aarch64:_aarch64
redhatenterprise_linux_for_arm_64_eus
8.6_aarch64:_aarch64
redhatenterprise_linux_for_arm_64_eus
8.8_aarch64:_aarch64
redhatenterprise_linux_for_arm_64_eus
9.0_aarch64:_aarch64
redhatenterprise_linux_for_arm_64_eus
9.2_aarch64:_aarch64
redhatenterprise_linux_for_arm_64_eus
9.4_aarch64:_aarch64
redhatenterprise_linux_for_arm_64_eus
9.6_aarch64:_aarch64
redhatenterprise_linux_for_ibm_z_systems
8.0_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems_eus
8.6_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems_eus
8.8_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems_eus
9.0_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems_eus
9.2_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems_eus
9.4_s390x:_s390x
redhatenterprise_linux_for_ibm_z_systems_eus
9.6_s390x:_s390x
redhatenterprise_linux_for_power_little_endian
8.0_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian_eus
8.6_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian_eus
8.8_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian_eus
9.0_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian_eus
9.2_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian_eus
9.4_ppc64le:_ppc64le
redhatenterprise_linux_for_power_little_endian_eus
9.6_ppc64le:_ppc64le
redhatenterprise_linux_server_aus
8.6
redhatenterprise_linux_server_aus
9.2
redhatenterprise_linux_server_aus
9.4
redhatenterprise_linux_server_aus
9.6
redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
8.6_ppc64le:_ppc64le
redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
8.8_ppc64le:_ppc64le
redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
9.0_ppc64le:_ppc64le
redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
9.2_ppc64le:_ppc64le
redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
9.4_ppc64le:_ppc64le
redhatenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions
9.6_ppc64le:_ppc64le
redhatenterprise_linux_server_tus
8.6
redhatenterprise_linux_server_tus
8.8
redhatenterprise_linux_update_services_for_sap_solutions
8.6
redhatenterprise_linux_update_services_for_sap_solutions
8.8
redhatenterprise_linux_update_services_for_sap_solutions
9.0
redhatenterprise_linux_update_services_for_sap_solutions
9.2
redhatenterprise_linux_update_services_for_sap_solutions
9.4
redhatenterprise_linux_update_services_for_sap_solutions
9.6
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
sssd
bullseye
no-dsa
bookworm
no-dsa
buster
postponed
trixie
2.9.5-5
fixed
sid
2.9.5-5
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
sssd
oracular
Fixed 2.9.4-1.1ubuntu7
released
noble
Fixed 2.9.4-1.1ubuntu6.1
released
mantic
Fixed 2.9.1-2ubuntu2.1
released
jammy
Fixed 2.6.3-1ubuntu3.3
released
focal
Fixed 2.2.3-3ubuntu0.13
released
bionic
needs-triage
xenial
needs-triage
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHSA-2024:1919
https://access.redhat.com/errata/RHSA-2024:1920
https://access.redhat.com/errata/RHSA-2024:1921
https://access.redhat.com/errata/RHSA-2024:1922
https://access.redhat.com/errata/RHSA-2024:2571
https://access.redhat.com/errata/RHSA-2024:3270
https://access.redhat.com/security/cve/CVE-2023-3758
https://bugzilla.redhat.com/show_bug.cgi?id=2223762
https://github.com/SSSD/sssd/pull/7302
https://access.redhat.com/errata/RHSA-2024:1919
https://access.redhat.com/errata/RHSA-2024:1920
https://access.redhat.com/errata/RHSA-2024:1921
https://access.redhat.com/errata/RHSA-2024:1922
https://access.redhat.com/errata/RHSA-2024:2571
https://access.redhat.com/errata/RHSA-2024:3270
https://access.redhat.com/security/cve/CVE-2023-3758
https://bugzilla.redhat.com/show_bug.cgi?id=2223762
https://github.com/SSSD/sssd/pull/7302
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RV3HIZI3SURBUQKSOOL3XE64OOBQ2HTK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XEP62IDS7A55D5UHM6GH7QZ7SQFOAPVF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMORAO2BDDA5YX4ZLMXDZ7SM6KU47SY5/