CVE-2023-3758
Publication date 18 April 2024
Last updated 30 May 2025
Ubuntu priority
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| sssd | 25.04 plucky |
Fixed 2.9.4-1.1ubuntu7
|
| 24.04 LTS noble |
Fixed 2.9.4-1.1ubuntu6.1
|
|
| 22.04 LTS jammy |
Fixed 2.6.3-1ubuntu3.3
|
|
| 20.04 LTS focal |
Fixed 2.2.3-3ubuntu0.13
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score |
7.1 · High
|
| Attack vector | Adjacent |
| Attack complexity | High |
| Privileges required | Low |
| User interaction | None |
| Scope | Unchanged |
| Confidentiality | High |
| Integrity impact | High |
| Availability impact | High |
| Vector | CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
References
Related Ubuntu Security Notices (USN)
- USN-6836-1
- SSSD vulnerability
- 17 June 2024
Other references
- https://www.cve.org/CVERecord?id=CVE-2023-3758
- https://github.com/SSSD/sssd/pull/7302
- https://access.redhat.com/errata/RHSA-2024:1919
- https://access.redhat.com/errata/RHSA-2024:1920
- https://access.redhat.com/errata/RHSA-2024:1921
- https://access.redhat.com/errata/RHSA-2024:1922
- https://access.redhat.com/security/cve/CVE-2023-3758