CVE-2023-3758

2024-04-1800:00:00

ubuntu.com

sssd

race condition

gpo policy

inconsistent

authorization

unix

7.1 High

CVSS3

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

6 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

14.4%

JSON

A race condition flaw was found in sssd where the GPO policy is not
consistently applied for authenticated users. This may lead to improper
authorization issues, granting or denying access to resources
inappropriately.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchsssd< anyUNKNOWN
ubuntu20.04noarchsssd< 2.2.3-3ubuntu0.13UNKNOWN
ubuntu22.04noarchsssd< 2.6.3-1ubuntu3.3UNKNOWN
ubuntu23.10noarchsssd< 2.9.1-2ubuntu2.1UNKNOWN
ubuntu24.04noarchsssd< 2.9.4-1.1ubuntu6.1UNKNOWN
ubuntu16.04noarchsssd< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	sssd	< any	UNKNOWN
ubuntu	20.04	noarch	sssd	< 2.2.3-3ubuntu0.13	UNKNOWN
ubuntu	22.04	noarch	sssd	< 2.6.3-1ubuntu3.3	UNKNOWN
ubuntu	23.10	noarch	sssd	< 2.9.1-2ubuntu2.1	UNKNOWN
ubuntu	24.04	noarch	sssd	< 2.9.4-1.1ubuntu6.1	UNKNOWN
ubuntu	16.04	noarch	sssd	< any	UNKNOWN