Race Condition Flaw in SSSD May Lead to Inconsistent Authorization
CVE-2023-3758

7.1 HIGH

Summary

A race condition flaw exists within the System Security Services Daemon (SSSD) that affects the consistent application of Group Policy Object (GPO) policies for authenticated users. This vulnerability may result in improper authorization, which can lead to unintended access to sensitive resources or restrictions where access should be granted, compromising the integrity of access control mechanisms within the affected systems.

Affected Version(s)

Red Hat Enterprise Linux 8 0:2.9.4-3.el8_10

Red Hat Enterprise Linux 8.6 Extended Update Support 0:2.6.2-4.el8_6.3

CVSS V3.1

Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Collectors

NVD Database, Mitre Database