Updated: 2024-12-06 22:40:09.735443
Description:
A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | 0 | |
| CVSS Version 3.x | MEDIUM | 5.3 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| AlmaLinux 9.2 ESU | samba | 4.17.5 | 5.3 | MEDIUM | Released | CLSA-2025:1739822224 | 2025-02-18 06:40:55 | |
| CentOS 6 ELS | samba | 3.6.23 | 5.3 | MEDIUM | Ignored | 2023-08-01 03:38:13 | ||
| CentOS 7 ELS | samba | 4.10.16 | 5.3 | MEDIUM | Ignored | 2024-06-25 11:20:13 | ||
| CentOS 8.4 ELS | samba | 4.13.3-5 | 5.3 | MEDIUM | Released | CLSA-2024:1723483357 | 2024-08-12 14:42:28 | |
| CentOS 8.5 ELS | samba | 4.14.5-7 | 5.3 | MEDIUM | Released | CLSA-2024:1723058766 | 2024-08-07 17:45:34 | |
| CloudLinux 6 ELS | samba | 3.6.23 | 5.3 | MEDIUM | Ignored | 2023-08-01 03:38:13 | ||
| Oracle Linux 6 ELS | samba | 3.6.23 | 5.3 | MEDIUM | Ignored | 2023-08-01 03:38:13 | ||
| Ubuntu 16.04 ELS | samba | 4.3.11 | 5.3 | MEDIUM | Ignored | 2023-08-01 03:38:13 | ||
| Ubuntu 18.04 ELS | samba | 4.7.6 | 5.3 | MEDIUM | Ignored | 2023-08-01 03:38:13 |