Lucene search

RedhatCVE-2022-3592

HistoryJan 12, 2023 - 3:15 p.m.

CVE-2022-3592

2023-01-1215:15:10

CWE-61

CWE-59

redhat

web.nvd.nist.gov

146

cve-2022-3592

samba

vulnerability

symlink

remote access

smb1

nfs

filesystem

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

6.2

Confidence

High

EPSS

0.003

Percentile

66.1%

JSON

A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make ‘smbd’ escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the ‘smbd’ configured share path and gain access to another restricted server’s filesystem.

Affected configurations

Nvd

Vulners

Node

sambasambaRange4.17.0–4.17.2

Node

fedoraprojectfedoraMatch36

fedoraprojectfedoraMatch37

VendorProductVersionCPE
sambasamba*cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
fedoraprojectfedora36cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
fedoraprojectfedora37cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
samba	samba	*	cpe:2.3:a:samba:samba::::::::
fedoraproject	fedora	36	cpe:2.3:o:fedoraproject:fedora:36:::::::*
fedoraproject	fedora	37	cpe:2.3:o:fedoraproject:fedora:37:::::::*

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "samba",
    "versions": [
      {
        "version": "Affects samba since 4.17.0, Fixed samba 4.17.2.",
        "status": "affected"
      }
    ]
  }
]