CVE-2023-3758

Name: CVE-2023-3758
Creator: NVD / NIST
Published: 2024-04-18T19:15:08.597+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

HIGHCVSS 7.1/10EPSS 1.03%

Last modified Jun 17, 2026

CVE-2023-3758 is a high-severity vulnerability rated 7.1/10 on the CVSS scale. A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.. EPSS estimates a 1.03% chance of exploitation in the next 30 days.

Description

A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper authorization issues, granting or denying access to resources inappropriately.

Metrics

CVSS 3.1

7.1/10

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

1.03%

59.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Fedoraproject	Sssd	< 2.9.5
Redhat	Codeready Linux Builder	8.0
Redhat	Codeready Linux Builder Eus	8.6
Redhat	Codeready Linux Builder Eus	8.8
Redhat	Codeready Linux Builder Eus	9.0
Redhat	Codeready Linux Builder Eus	9.2
Redhat	Codeready Linux Builder Eus	9.4
Redhat	Codeready Linux Builder Eus	9.6
Redhat	Codeready Linux Builder For Arm64	8.0_aarch64
Redhat	Codeready Linux Builder For Arm64 Eus	8.6_aarch64
Redhat	Codeready Linux Builder For Arm64 Eus	8.8_aarch64
Redhat	Codeready Linux Builder For Arm64 Eus	9.0_aarch64
Redhat	Codeready Linux Builder For Arm64 Eus	9.2_aarch64
Redhat	Codeready Linux Builder For Arm64 Eus	9.4_aarch64
Redhat	Codeready Linux Builder For Arm64 Eus	9.6_aarch64
Redhat	Codeready Linux Builder For Ibm Z Systems	8.0_s390x
Redhat	Codeready Linux Builder For Ibm Z Systems Eus	8.6_s390x
Redhat	Codeready Linux Builder For Ibm Z Systems Eus	8.8_s390x
Redhat	Codeready Linux Builder For Ibm Z Systems Eus	9.0_s390x
Redhat	Codeready Linux Builder For Ibm Z Systems Eus	9.2_s390x
Redhat	Codeready Linux Builder For Ibm Z Systems Eus	9.4_s390x
Redhat	Codeready Linux Builder For Ibm Z Systems Eus	9.6_s390x
Redhat	Codeready Linux Builder For Power Little Endian	8.0_ppc64le
Redhat	Codeready Linux Builder For Power Little Endian Eus	8.6_ppc64le
Redhat	Codeready Linux Builder For Power Little Endian Eus	8.8_ppc64le
Redhat	Codeready Linux Builder For Power Little Endian Eus	9.0_ppc64le
Redhat	Codeready Linux Builder For Power Little Endian Eus	9.2_ppc64le
Redhat	Codeready Linux Builder For Power Little Endian Eus	9.4_ppc64le
Redhat	Codeready Linux Builder For Power Little Endian Eus	9.6_ppc64le
Redhat	Virtualization Host	4.0
Redhat	Enterprise Linux	8.0
Redhat	Enterprise Linux Eus	8.6
Redhat	Enterprise Linux Eus	8.8
Redhat	Enterprise Linux Eus	9.0
Redhat	Enterprise Linux Eus	9.2
Redhat	Enterprise Linux Eus	9.4
Redhat	Enterprise Linux Eus	9.6
Redhat	Enterprise Linux For Arm 64	8.0_aarch64
Redhat	Enterprise Linux For Arm 64 Eus	8.6_aarch64
Redhat	Enterprise Linux For Arm 64 Eus	8.8_aarch64
Redhat	Enterprise Linux For Arm 64 Eus	9.0_aarch64
Redhat	Enterprise Linux For Arm 64 Eus	9.2_aarch64
Redhat	Enterprise Linux For Arm 64 Eus	9.4_aarch64
Redhat	Enterprise Linux For Arm 64 Eus	9.6_aarch64
Redhat	Enterprise Linux For Ibm Z Systems	8.0_s390x
Redhat	Enterprise Linux For Ibm Z Systems Eus	8.6_s390x
Redhat	Enterprise Linux For Ibm Z Systems Eus	8.8_s390x
Redhat	Enterprise Linux For Ibm Z Systems Eus	9.0_s390x
Redhat	Enterprise Linux For Ibm Z Systems Eus	9.2_s390x
Redhat	Enterprise Linux For Ibm Z Systems Eus	9.4_s390x

Showing 50 of 79 affected configurations. See NVD for the full list.

References

https://access.redhat.com/errata/RHSA-2024:1919Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1920Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1921Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1922Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2571Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:3270Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-3758Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2223762Issue Tracking, Third Party Advisory
https://github.com/SSSD/sssd/pull/7302Exploit, Issue Tracking, Patch
https://access.redhat.com/errata/RHSA-2024:1919Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1920Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1921Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:1922Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:2571Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:3270Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-3758Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2223762Issue Tracking, Third Party Advisory
https://github.com/SSSD/sssd/pull/7302Exploit, Issue Tracking, Patch
https://lists.debian.org/debian-lts-announce/2025/02/msg00008.html
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RV3HIZI3SURBUQKSOOL3XE64OOBQ2HTK/Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XEP62IDS7A55D5UHM6GH7QZ7SQFOAPVF/Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XMORAO2BDDA5YX4ZLMXDZ7SM6KU47SY5/Mailing List, Third Party Advisory

Timeline

Published: Apr 18, 2024
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2023-3758?

How severe is CVE-2023-3758?

CVE-2023-3758 has a CVSS score of 7.1/10 (HIGH severity). The EPSS model estimates a 1.03% probability of exploitation in the next 30 days.

How do I fix CVE-2023-3758?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2023-3758?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST