๐Ÿ” CVE Alert

CVE-2023-3758

HIGH 7.1

Sssd: race condition during authorization leads to gpo policies functioning inconsistently

CVSS Score
7.1
EPSS Score
0.0%
EPSS Percentile
0th

A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.

CWE CWE-362
Published Apr 18, 2024
Last Updated Nov 6, 2025
Stay Ahead of the Next One

Get instant alerts for

Be the first to know when new high vulnerabilities are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Affected Versions

Red Hat / Red Hat Enterprise Linux 8
All versions affected
Red Hat / Red Hat Enterprise Linux 8
All versions affected
Red Hat / Red Hat Enterprise Linux 8.6 Extended Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 8.8 Extended Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 9
All versions affected
Red Hat / Red Hat Enterprise Linux 9
All versions affected
Red Hat / Red Hat Enterprise Linux 9.0 Extended Update Support
All versions affected
Red Hat / Red Hat Enterprise Linux 9.2 Extended Update Support
All versions affected
Red Hat / Red Hat Virtualization 4 for Red Hat Enterprise Linux 8
All versions affected
Red Hat / Red Hat Enterprise Linux 6
All versions affected
Red Hat / Red Hat Enterprise Linux 7
All versions affected

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
access.redhat.com: https://access.redhat.com/errata/RHSA-2024:1919 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:1920 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:1921 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:1922 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:2571 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:3270 access.redhat.com: https://access.redhat.com/security/cve/CVE-2023-3758 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2223762 github.com: https://github.com/SSSD/sssd/pull/7302 lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/[email protected]/message/RV3HIZI3SURBUQKSOOL3XE64OOBQ2HTK/ lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/[email protected]/message/XEP62IDS7A55D5UHM6GH7QZ7SQFOAPVF/ lists.fedoraproject.org: https://lists.fedoraproject.org/archives/list/[email protected]/message/XMORAO2BDDA5YX4ZLMXDZ7SM6KU47SY5/ lists.debian.org: https://lists.debian.org/debian-lts-announce/2025/02/msg00008.html