Information Leak in cifs-utils by Piastry
CVE-2022-29869

5.3MEDIUM

Key Information:

Vendor: Samba
Status: Cifs-utils
Vendor: CVE Published:; 28 April 2022

What is CVE-2022-29869?

The cifs-utils application, prior to version 6.14, experiences a vulnerability that can lead to information leaks when verbose logging is enabled. This issue arises if a file contains equal sign characters but does not qualify as a valid credentials file, potentially exposing sensitive data unintentionally. It poses a risk for systems relying on this utility when handling certain file formats.

References

https://github.com/piastry/cifs-utils/pull/7

https://github.com/piastry/cifs-utils/commit/8acc963a2e7e...

https://lists.fedoraproject.org/archives/list/package-ann...

vendor-advisory

CVSS V3.1

Score:

5.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 28, 2022
Vulnerability Reserved
Apr 28, 2022

Samba

What is CVE-2022-29869?

References

CVSS V3.1

Timeline