Vulnerability Details: CVE-2022-29869
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.
Products affected by CVE-2022-29869
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
- cpe:2.3:a:samba:cifs-utils:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-29869
- 0.64%: Probability of exploitation activity in the next 30 days
- ~ 69%: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-29869
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N | 8.6 | 2.9 | NIST | |
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 | NIST | |
CWE ids for CVE-2022-29869
- The product writes sensitive information to a log file. Assigned by: nvd@nist.gov (Primary)
- The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource. Assigned by: nvd@nist.gov (Primary)
References for CVE-2022-29869
- https://github.com/piastry/cifs-utils/pull/7
  mount.cifs: two bug fixes by ddiss · Pull Request #7 · piastry/cifs-utils · GitHub (Patch; Third Party Advisory)
- https://www.debian.org/security/2022/dsa-5157
  Debian -- Security Information -- DSA-5157-1 cifs-utils (Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIYZ4L6SLSYJQ446VJAO2VGAESURQNSP/
  [SECURITY] Fedora 36 Update: cifs-utils-6.15-1.fc36 - package-announce - Fedora Mailing-Lists
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QIYZ4L6SLSYJQ446VJAO2VGAESURQNSP/
  [SECURITY] Fedora 36 Update: cifs-utils-6.15-1.fc36 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXKZLJYJJEC3TIBFLXUORRMZUKG5W676/
  [SECURITY] Fedora 35 Update: cifs-utils-6.15-1.fc35 - package-announce - Fedora Mailing-Lists
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WBOLMANBYJILXQKRRK7OCR774PXJAYY/
  [SECURITY] Fedora 34 Update: cifs-utils-6.15-1.fc34 - package-announce - Fedora Mailing-Lists
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HXKZLJYJJEC3TIBFLXUORRMZUKG5W676/
  [SECURITY] Fedora 35 Update: cifs-utils-6.15-1.fc35 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://github.com/piastry/cifs-utils/commit/8acc963a2e7e9d63fe1f2e7f73f5a03f83d9c379
  mount.cifs: fix verbose messages on option parsing · piastry/cifs-utils@8acc963 · GitHub (Patch; Third Party Advisory)
- https://security.gentoo.org/glsa/202311-05
  LinuxCIFS utils: Multiple Vulnerabilities (GLSA 202311-05) — Gentoo security
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5WBOLMANBYJILXQKRRK7OCR774PXJAYY/
  [SECURITY] Fedora 34 Update: cifs-utils-6.15-1.fc34 - package-announce - Fedora Mailing-Lists (Mailing List; Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2022/05/msg00020.html
  [SECURITY] [DLA 3009-1] cifs-utils security update (Mailing List; Third Party Advisory)