CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS: 0.002 Low
Percentile: 62.0%

Samba is vulnerable to path traversal. An attacker could exploit this vulnerability by creating a malicious file with a specially crafted path and then uploading the file to a Samba share. When a user downloads the file, the Samba server will resolve the path to the file on the underlying filesystem and allow the user to read the file, even if the user does not have permission to read the file.

access.redhat.com/errata/RHSA-2023:6209
access.redhat.com/errata/RHSA-2023:6744
access.redhat.com/errata/RHSA-2023:7371
access.redhat.com/errata/RHSA-2023:7408
access.redhat.com/errata/RHSA-2023:7464
access.redhat.com/errata/RHSA-2023:7467
access.redhat.com/security/cve/CVE-2023-3961
bugzilla.redhat.com/show_bug.cgi?id=2241881
bugzilla.samba.org/show_bug.cgi?id=15422
lists.fedoraproject.org/archives/list/[email protected]/message/ZUMVALLFFDFC53JZMUWA6HPD7HUGAP5I/
security-tracker.debian.org/tracker/CVE-2023-3961
security.netapp.com/advisory/ntap-20231124-0002/
www.samba.org/samba/security/CVE-2023-3961.html