CVE-2023-3758
Publication date 18 April 2024
Last updated 19 August 2025
Ubuntu priority
Description
A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.
Status
| Package | Ubuntu Release | Status |
|---|---|---|
| sssd | 26.04 LTS resolute |
Fixed 2.9.4-1.1ubuntu7
|
| 25.10 questing |
Fixed 2.9.4-1.1ubuntu7
|
|
| 24.04 LTS noble |
Fixed 2.9.4-1.1ubuntu6.1
|
|
| 22.04 LTS jammy |
Fixed 2.6.3-1ubuntu3.3
|
|
| 20.04 LTS focal |
Fixed 2.2.3-3ubuntu0.13
|
|
| 18.04 LTS bionic |
Needs evaluation
|
|
| 16.04 LTS xenial |
Needs evaluation
|
Severity score breakdown
CVSS version: CVSS v3.0
Base score
7.1 · High
Vector: CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
References
Related Ubuntu Security Notices (USN)
- USN-6836-1
- SSSD vulnerability
- 17 June 2024
Other references
- https://www.cve.org/CVERecord?id=CVE-2023-3758
- https://github.com/SSSD/sssd/pull/7302
- https://access.redhat.com/errata/RHSA-2024:1919
- https://access.redhat.com/errata/RHSA-2024:1920
- https://access.redhat.com/errata/RHSA-2024:1921
- https://access.redhat.com/errata/RHSA-2024:1922
- https://access.redhat.com/security/cve/CVE-2023-3758