Products
sssd
Source
secalert@redhat.com
Tags
CVE-2023-3758 details
Published : April 18, 2024, 7:15 p.m.
Last Modified : April 18, 2024, 7:15 p.m.
Last Modified : April 18, 2024, 7:15 p.m.
Description
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7.1 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
CVSS Data
Attack Vector
ADJACENT_NETWORK
Attack Complexity
HIGH
Privileges Required
LOW
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
7.1
Exploitability Score
Impact Score
Base Severity
HIGH
Vector String : CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References
URL | Source |
---|---|
https://access.redhat.com/errata/RHSA-2024:1919 | secalert@redhat.com |
https://access.redhat.com/errata/RHSA-2024:1920 | secalert@redhat.com |
https://access.redhat.com/errata/RHSA-2024:1921 | secalert@redhat.com |
https://access.redhat.com/errata/RHSA-2024:1922 | secalert@redhat.com |
https://access.redhat.com/security/cve/CVE-2023-3758 | secalert@redhat.com |
https://bugzilla.redhat.com/show_bug.cgi?id=2223762 | secalert@redhat.com |
https://github.com/SSSD/sssd/pull/7302 | secalert@redhat.com |
This website uses the NVD API, but is not approved or certified by it.