VDB
CISA-2023-3758
CISA-2023-3758
PUBLISHED
CVSS 7.1 HIGH
Reported by redhat · Published April 18, 2024
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.
Risk Scores
CVSS 3.1
7.1
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| 0 | ||
| Red Hat | Red Hat Enterprise Linux 8 | 0:2.9.4-3.el8_10 |
| Red Hat | Red Hat Enterprise Linux 8 | 0:2.9.4-3.el8_10 |
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support | 0:2.6.2-4.el8_6.3 |
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support | 0:2.8.2-4.el8_8.2 |
| Red Hat | Red Hat Enterprise Linux 9 | 0:2.9.4-6.el9_4 |
| Red Hat | Red Hat Enterprise Linux 9 | 0:2.9.4-6.el9_4 |
| Red Hat | Red Hat Enterprise Linux 9.0 Extended Update Support | 0:2.6.2-4.el9_0.3 |
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support | 0:2.8.2-5.el9_2.4 |
| Red Hat | Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | 0:2.6.2-4.el8_6.3 |
| Red Hat | Red Hat Enterprise Linux 6 | |
| Red Hat | Red Hat Enterprise Linux 7 | |
| Red Hat | Red Hat Enterprise Linux 9.0 Extended Update Support | *, 0:2.6.2-4.el9_0.3 |
| Red Hat | Red Hat Enterprise Linux 6 | |
| Red Hat | Red Hat Enterprise Linux 9.2 Extended Update Support | 0:2.8.2-5.el9_2.4, 0:2.8.2-5.el9_2.4 |
| Red Hat | Red Hat Enterprise Linux 9 | *, *, 0:2.9.4-6.el9_4 |
| Red Hat | Red Hat Enterprise Linux 8 | 0:2.9.4-3.el8_10, 0:2.9.4-3.el8_10, 0:2.9.4-3.el8_10 |
| Red Hat | Red Hat Enterprise Linux 8.8 Extended Update Support | *, 0:2.8.2-4.el8_8.2 |
| Red Hat | Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | 0:2.6.2-4.el8_6.3, 0:2.6.2-4.el8_6.3 |
| Red Hat | Red Hat Enterprise Linux 8.6 Extended Update Support | *, 0:2.6.2-4.el8_6.3 |
…and 2 more
Timeline
- Apr 18, 2024 CVE Published
- Nov 6, 2025 CVE Updated
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Distribution Patch
- Apr 26, 2026 Security Advisory
- Apr 26, 2026 Security Advisory
- Apr 26, 2026 Security Advisory
- Apr 26, 2026 Security Advisory
References
- RHSA-2024:1919 vendor-advisoryx_refsource_REDHAT
- RHSA-2024:1920 vendor-advisoryx_refsource_REDHAT
- RHSA-2024:1921 vendor-advisoryx_refsource_REDHAT
- RHSA-2024:1922 vendor-advisoryx_refsource_REDHAT
- RHSA-2024:2571 vendor-advisoryx_refsource_REDHAT
- RHSA-2024:3270 vendor-advisoryx_refsource_REDHAT
- vdb-entryx_refsource_REDHAT
- RHBZ#2223762 issue-trackingx_refsource_REDHAT
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RV3HIZI3SURBUQKSOOL3XE64OOBQ2HTK/ url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XEP62IDS7A55D5UHM6GH7QZ7SQFOAPVF/ url
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMORAO2BDDA5YX4ZLMXDZ7SM6KU47SY5/ url
- https://lists.debian.org/debian-lts-announce/2025/02/msg00008.html url