CVE-2023-3758

{"id": "CVE-2023-3758", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.1, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.2}]}, "published": "2024-04-18T19:15:08.597", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:1919", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:1920", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:1921", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:1922", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:2571", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3270", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2023-3758", "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223762", "source": "secalert@redhat.com"}, {"url": "https://github.com/SSSD/sssd/pull/7302", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2024:1919", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2024:1920", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2024:1921", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2024:1922", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2024:2571", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/errata/RHSA-2024:3270", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/security/cve/CVE-2023-3758", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2223762", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/SSSD/sssd/pull/7302", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RV3HIZI3SURBUQKSOOL3XE64OOBQ2HTK/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XEP62IDS7A55D5UHM6GH7QZ7SQFOAPVF/", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMORAO2BDDA5YX4ZLMXDZ7SM6KU47SY5/", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-362"}]}, {"type": "Primary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en la condici\u00f3n de ejecuci\u00f3n en sssd donde la pol\u00edtica de GPO no se aplica de manera consistente para los usuarios autenticados. Esto puede dar lugar a problemas de autorizaci\u00f3n inapropiados, otorgando o denegando acceso a recursos de manera inapropiada."}], "lastModified": "2025-02-06T17:15:17.657", "sourceIdentifier": "secalert@redhat.com"}