CVE-2021-20208

A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.

Published: Apr 20, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-20208
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.1
AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

CVSS v2:

Severity: Low
Score: 4.9
AV:N/AC:M/Au:S/C:P/I:P/A:N

CWEs:

CWE-269

Affected Software
References

Software	From	Fixed in
samba / cifs-utils	4.0	6.13
redhat / enterprise_linux	7.0	7.0.x
redhat / enterprise_linux	8.0	8.0.x
fedoraproject / fedora	33	33.x
fedoraproject / fedora	34	34.x
fedoraproject / fedora	35	35.x

https://bugzilla.redhat.com/show_bug.cgi?id=1921116
https://bugzilla.samba.org/show_bug.cgi?id=14651
https://lists.fedoraproject.org/archives/list/[email protected]/message/2W4HSDIWXXNQBUW5ZS37RQMLJ7THK5AS/
https://lists.fedoraproject.org/archives/list/[email protected]/message/66WJ3SVBHCSNQZAWSGLB6FBOCFU45FFG/
https://lists.fedoraproject.org/archives/list/[email protected]/message/Z4BZSJXROEFHYATAAHHRR6P3HUSMPQB3/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2W4HSDIWXXNQBUW5ZS37RQMLJ7THK5AS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/66WJ3SVBHCSNQZAWSGLB6FBOCFU45FFG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z4BZSJXROEFHYATAAHHRR6P3HUSMPQB3/

Vulnerability Database

289,689

CVE-2021-20208