CVE-2021-20208 - A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system

CVE-2021-20208

Summary

A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1921116
https://bugzilla.samba.org/show_bug.cgi?id=14651

Vulnerable Configurations

CVSS

Base:	None
Impact:
Exploitability:

CWE

CWE-266

CAPEC

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

20-04-2021 - 00:09

Published

19-04-2021 - 22:15

Last modified

20-04-2021 - 00:09