7.1 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
14.4%
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.
A mitigation can be applied to the sssd.conf file that would make the occurrence of the race condition more difficult:
1. Increase the GPO cache time out editing the following configuration directive in sssd.conf file:
a) ad_gpo_cache_timeout = 3600
Ps.: This value (3600) should make the cache time out in one hour but would make GPO updates propagation from AD server to local machines take longer.
7.1 High
CVSS3
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
6.9 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
14.4%