CVE-2023-3758
Published: 18 April 2024
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.
Priority
Status
Package | Release | Status |
---|---|---|
sssd Launchpad, Ubuntu, Debian |
bionic |
Needs triage
|
focal |
Needs triage
|
|
jammy |
Needs triage
|
|
mantic |
Needs triage
|
|
noble |
Needs triage
|
|
upstream |
Needs triage
|
|
xenial |
Needs triage
|
|
Patches: upstream: https://github.com/SSSD/sssd/commit/d7db7971682da2dbf7642ac94940d6b0577ec35a upstream: https://github.com/SSSD/sssd/commit/e1bfbc2493c4194988acc3b2413df3dde0735ae3 upstream: https://github.com/SSSD/sssd/commit/f4ebe1408e0bc67abfbfb5f0ca2ea13803b36726 |
References
- https://www.cve.org/CVERecord?id=CVE-2023-3758
- https://github.com/SSSD/sssd/pull/7302
- https://access.redhat.com/errata/RHSA-2024:1919
- https://access.redhat.com/errata/RHSA-2024:1920
- https://access.redhat.com/errata/RHSA-2024:1921
- https://access.redhat.com/errata/RHSA-2024:1922
- https://access.redhat.com/security/cve/CVE-2023-3758
- NVD
- Launchpad
- Debian