CVE-2023-3758 — HIGH (7.1) — White Hats Nepal

Q: How severe is CVE-2023-3758?

CVE-2023-3758 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-3758?

Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Sssd, Redhat Codeready Linux Builder, Redhat Codeready Linux Builder Eus, Redhat Codeready Linux Builder For Arm64, Redhat Codeready Linux Builder For Arm64 Eus.

Vulnerability Description

A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.

CVSS Score

7.1

HIGH

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

ADJACENT_NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Fedoraproject	Sssd	< 2.9.5
Redhat	Codeready Linux Builder	8.0
Redhat	Codeready Linux Builder Eus	8.6
Redhat	Codeready Linux Builder For Arm64	8.0_aarch64
Redhat	Codeready Linux Builder For Arm64 Eus	8.6_aarch64
Redhat	Codeready Linux Builder For Ibm Z Systems	8.0_s390x
Redhat	Codeready Linux Builder For Ibm Z Systems Eus	8.6_s390x
Redhat	Codeready Linux Builder For Power Little Endian	8.0_ppc64le
Redhat	Codeready Linux Builder For Power Little Endian Eus	8.6_ppc64le
Redhat	Virtualization Host	4.0
Redhat	Enterprise Linux	8.0
Redhat	Enterprise Linux Eus	8.6
Redhat	Enterprise Linux For Arm 64	8.0_aarch64
Redhat	Enterprise Linux For Arm 64 Eus	8.6_aarch64
Redhat	Enterprise Linux For Ibm Z Systems	8.0_s390x
Redhat	Enterprise Linux For Ibm Z Systems Eus	8.6_s390x
Redhat	Enterprise Linux For Power Little Endian	8.0_ppc64le
Redhat	Enterprise Linux For Power Little Endian Eus	8.6_ppc64le
Redhat	Enterprise Linux Server Aus	8.6
Redhat	Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions	8.6_ppc64le

Related Weaknesses (CWE)

CWE-362

References

https://access.redhat.com/errata/RHSA-2024:1919Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1920Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1921Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1922Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2571Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:3270Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-3758Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2223762Issue TrackingThird Party Advisory
https://github.com/SSSD/sssd/pull/7302ExploitIssue TrackingPatch
https://access.redhat.com/errata/RHSA-2024:1919Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1920Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1921Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1922Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2571Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:3270Third Party Advisory

FAQ

What is CVE-2023-3758?

CVE-2023-3758 is a vulnerability with a CVSS score of 7.1 (HIGH). A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resource...

How severe is CVE-2023-3758?

CVE-2023-3758 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-3758?

Check the references section above for vendor advisories and patch information. Affected products include: Fedoraproject Sssd, Redhat Codeready Linux Builder, Redhat Codeready Linux Builder Eus, Redhat Codeready Linux Builder For Arm64, Redhat Codeready Linux Builder For Arm64 Eus.