Bug 2223762 (CVE-2023-3758)
| Summary: | CVE-2023-3758 sssd: Race condition during authorization leads to GPO policies functioning inconsistently | | |
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Pedro Sampaio <psampaio> |
| Component: | vulnerability | Assignee: | Nobody <nobody> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | aboscatt, atikhono, jwest, michal.skrivanek, mperina, pbrezina, sbose, security-response-team |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | | Doc Type: | If docs needed, set a value |
| Doc Text: | A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately. | | |
| Story Points: | --- | | |
| Clone Of: | | Environment: | |
| Last Closed: | | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 2223765, 2223766, 2223767, 2241398, 2275905 | | |
| Bug Blocks: | 2223763 | | |

Description
Pedro Sampaio
2023-07-18 19:35:24 UTC
Created sssd tracking bugs for this issue:

Affects: fedora-all [bug 2275905]

This issue has been addressed in the following products:

Red Hat Enterprise Linux 9.0 Extended Update Support

Via RHSA-2024:1919 https://access.redhat.com/errata/RHSA-2024:1919

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8.6 Extended Update Support

Via RHSA-2024:1921 https://access.redhat.com/errata/RHSA-2024:1921

This issue has been addressed in the following products:

Red Hat Enterprise Linux 9.2 Extended Update Support

Via RHSA-2024:1920 https://access.redhat.com/errata/RHSA-2024:1920

This issue has been addressed in the following products:

Red Hat Enterprise Linux 8.8 Extended Update Support

Via RHSA-2024:1922 https://access.redhat.com/errata/RHSA-2024:1922