CVE-2023-3758

Sažetak

A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.

Reference

https://access.redhat.com/errata/RHSA-2024:1919
https://access.redhat.com/errata/RHSA-2024:1920
https://access.redhat.com/errata/RHSA-2024:1921
https://access.redhat.com/errata/RHSA-2024:1922
https://access.redhat.com/errata/RHSA-2024:2571
https://access.redhat.com/errata/RHSA-2024:3270
https://access.redhat.com/security/cve/CVE-2023-3758
https://bugzilla.redhat.com/show_bug.cgi?id=2223762
https://github.com/SSSD/sssd/pull/7302
https://access.redhat.com/errata/RHSA-2024:1919
https://access.redhat.com/errata/RHSA-2024:1920
https://access.redhat.com/errata/RHSA-2024:1921
https://access.redhat.com/errata/RHSA-2024:1922
https://access.redhat.com/errata/RHSA-2024:2571
https://access.redhat.com/errata/RHSA-2024:3270
https://access.redhat.com/security/cve/CVE-2023-3758
https://bugzilla.redhat.com/show_bug.cgi?id=2223762
https://github.com/SSSD/sssd/pull/7302
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RV3HIZI3SURBUQKSOOL3XE64OOBQ2HTK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XEP62IDS7A55D5UHM6GH7QZ7SQFOAPVF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMORAO2BDDA5YX4ZLMXDZ7SM6KU47SY5/

CVSS

Base:	7.1
Impact:	5.9
Exploitability:	1.2

Pristup

Vektor	Složenost	Autentikacija
ADJACENT_NETWORK	HIGH	LOW

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	HIGH	HIGH

CVSS vektor

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Zadnje važnije ažuriranje

18-06-2025 - 19:44

Objavljeno

18-04-2024 - 19:15