Race Condition Flaw in SSSD May Lead to Inconsistent Authorization
CVE-2023-3758
7.1 HIGH
Key Information
- Vendor: Red Hat
- Status:
  - Red Hat Enterprise Linux 8
  - Red Hat Enterprise Linux 8.6 Extended Update Support
  - Red Hat Enterprise Linux 8.8 Extended Update Support
  - Red Hat Enterprise Linux 9
- CVE Published: 18 April 2024
Summary
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.
Affected Version(s)
Red Hat Enterprise Linux 8 <= 0:2.9.4-3.el8_10
Red Hat Enterprise Linux 8.6 Extended Update Support <= 0:2.6.2-4.el8_6.3
CVSS V3.1
Score: 7.1
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Adjacent Network
Attack Complexity: High
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Timeline
Risk change from: null to: 7.1 - (HIGH)
Vulnerability published.
Vulnerability Reserved.
Reported to Red Hat.
Collectors
- NVD Database
- Mitre Database