CVE-2023-3758
moderate-risk
Published 2024-04-18
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.
Do I need to act?
0.03% chance of exploitation
EPSS score — low exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 7.1/10 High
ADJACENT_NETWORK / HIGH complexity
Affected Products (20)
Sssd
Codeready Linux Builder For Arm64
Codeready Linux Builder For Arm64 Eus
Codeready Linux Builder For Arm64 Eus
Codeready Linux Builder For Arm64 Eus
Codeready Linux Builder For Arm64 Eus
Codeready Linux Builder For Arm64 Eus
Codeready Linux Builder For Arm64 Eus
Codeready Linux Builder For Ibm Z Systems
Codeready Linux Builder For Ibm Z Systems Eus
Codeready Linux Builder For Ibm Z Systems Eus
Codeready Linux Builder For Ibm Z Systems Eus
Codeready Linux Builder For Ibm Z Systems Eus
Affected Vendors
References (22)
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1919
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1920
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1921
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1922
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2571
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:3270
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-3758
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=2223762
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1919
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1920
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1921
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1922
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2571
Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:3270
Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-3758
Issue Tracking
https://bugzilla.redhat.com/show_bug.cgi?id=2223762
and 2 more references
46 / 100 · moderate-risk
Severity: 18/34 · Moderate
Exploitability: 0/34 · Minimal
Exposure: 28/34 · Critical