CIFS File System Vulnerability in cifs-utils from Samba
CVE-2021-20208

6.1MEDIUM

Key Information:

Vendor

Samba

Status
Cifs-utils
Vendor
CVE Published:
19 April 2021
đź”” Create Samba Vulnerability Alert

What is CVE-2021-20208?

A vulnerability exists in cifs-utils prior to version 6.13, where improper handling of Kerberos credentials allows a user to leverage the host's credentials when mounting a krb5 CIFS file system from within a container. This flaw poses significant risks to the confidentiality and integrity of sensitive data, exposing it to unauthorized access and manipulation.

Affected Version(s)

cifs-utils cifs-utils 6.13

References

https://bugzilla.redhat.com/show_bug.cgi?id=1921116
x_refsource_MISC
https://bugzilla.samba.org/show_bug.cgi?id=14651
x_refsource_MISC
https://lists.fedoraproject.org/archives/list/package-ann...
vendor-advisoryx_refsource_FEDORA

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
High
Availability:
Low
Attack Vector:
Local
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.