CVE-2023-3758

HIGH

sssd < 2.9.5 - Race Condition in GPO Policy Application

Title source: llm

Description

A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.

References (13)

Core 13

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2025/02/msg00008.html

Exploit, Issue Tracking, Patch

https://github.com/SSSD/sssd/pull/7302

Mailing List, Third Party Advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/RV3HIZI3SURBUQKSOOL3XE64OOBQ2HTK/

Mailing List, Third Party Advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/XEP62IDS7A55D5UHM6GH7QZ7SQFOAPVF/

Mailing List, Third Party Advisory

https://lists.fedoraproject.org/archives/list/[email protected]/message/XMORAO2BDDA5YX4ZLMXDZ7SM6KU47SY5/

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:1919

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:1920

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:1921

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:1922

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:2571

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:3270

Third Party Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2023-3758

Issue Tracking, Third Party Advisory issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2223762

Scores

CVSS v3 7.1

EPSS 0.0003

EPSS Percentile 8.5%

Attack Vector ADJACENT_NETWORK

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-362

Status published

Products (50)

fedoraproject/fedora 38

fedoraproject/fedora 39

fedoraproject/fedora 40

fedoraproject/sssd < 2.9.5

redhat/codeready_linux_builder 8.0

redhat/codeready_linux_builder_eus 8.6

redhat/codeready_linux_builder_eus 8.8

redhat/codeready_linux_builder_eus 9.0

redhat/codeready_linux_builder_eus 9.2

redhat/codeready_linux_builder_eus 9.4

... and 40 more

Published Apr 18, 2024

Tracked Since Feb 18, 2026