CVE-2022-29869

Опубликовано: 28 апр. 2022

Источник: redhat

CVSS3: 4.3

Описание

cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.

A flaw was found in cifs-utils. When verbose logging is enabled, invalid credentials file lines may be dumped to stderr. This may lead to information disclosure in particular conditions when the credentials file given is sensitive and contains '=' signs.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	cifs-utils	Out of support scope
Red Hat Enterprise Linux 7	cifs-utils	Out of support scope
Red Hat Enterprise Linux 8	cifs-utils	Fix deferred
Red Hat Enterprise Linux 9	cifs-utils	Fix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-20

https://bugzilla.redhat.com/show_bug.cgi?id=2081221cifs-utils: crafted input may cause an information leak

4.3 Medium

CVSS3

Связанные уязвимости

CVE-2022-29869

CVSS3: 5.3

ubuntu

почти 4 года назад

cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.

CVE-2022-29869

CVSS3: 5.3

nvd

почти 4 года назад

cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.