File Metadata Handling Flaw in Samba by Samba Team
CVE-2021-20316

6.8MEDIUM

Key Information:

Vendor: Samba
Status: Samba
Vendor: CVE Published:; 23 August 2022

What is CVE-2021-20316?

A vulnerability exists in Samba that improperly handles file and directory metadata. This flaw enables an authenticated user with the necessary permissions to read or modify share metadata beyond the confines of shared resources. Exploiting this vulnerability could lead to unauthorized actions, impacting the security and integrity of shared file systems. Proper measures and updates are recommended to mitigate potential risks.

Affected Version(s)

samba Affects samba file server before v4.15.0, Fixed in samba v4.15.0

References

https://bugzilla.samba.org/show_bug.cgi?id=14842

https://www.samba.org/samba/security/CVE-2021-20316.html

https://bugzilla.redhat.com/show_bug.cgi?id=2009673

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 23, 2022
Vulnerability Reserved
Dec 17, 2020