CVE-2023-3758

Published: Apr 18, 2024

Modified: Nov 6, 2025

PUBLISHED

CVSS v3.1

7.1

HIGH

Description

A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.

Vendor	Product	Versions
Unknown	sssd	affected `0 - < 2.9.5`
Red Hat	Red Hat Enterprise Linux 8	unaffected `0:2.9.4-3.el8_10 - < *`
Red Hat	Red Hat Enterprise Linux 8	unaffected `0:2.9.4-3.el8_10 - < *`
Red Hat	Red Hat Enterprise Linux 8.6 Extended Update Support	unaffected `0:2.6.2-4.el8_6.3 - < *`
Red Hat	Red Hat Enterprise Linux 8.8 Extended Update Support	unaffected `0:2.8.2-4.el8_8.2 - < *`
Red Hat	Red Hat Enterprise Linux 9	unaffected `0:2.9.4-6.el9_4 - < *`
Red Hat	Red Hat Enterprise Linux 9	unaffected `0:2.9.4-6.el9_4 - < *`
Red Hat	Red Hat Enterprise Linux 9.0 Extended Update Support	unaffected `0:2.6.2-4.el9_0.3 - < *`
Red Hat	Red Hat Enterprise Linux 9.2 Extended Update Support	unaffected `0:2.8.2-5.el9_2.4 - < *`
Red Hat	Red Hat Virtualization 4 for Red Hat Enterprise Linux 8	unaffected `0:2.6.2-4.el8_6.3 - < *`
Red Hat	Red Hat Enterprise Linux 6	All versions
Red Hat	Red Hat Enterprise Linux 7	All versions