Samba: spotlight server-side share path disclosure
CVE-2023-34968

5.3 MEDIUM

Summary

A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path.

Affected Version(s)

Red Hat Enterprise Linux 8 0:4.18.6-1.el8

Red Hat Enterprise Linux 8.6 Extended Update Support 0:4.15.5-15.el8_6

CVSS V3.1

  • Score: 5.3
  • Severity: MEDIUM
  • Confidentiality: Low
  • Integrity: None
  • Availability: Low
  • Attack Vector: Network
  • Attack Complexity: Low
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
