Lucene search

K

MITRECVE-2023-34968

HistoryJul 20, 2023 - 2:58 p.m.

CVE-2023-34968

2023-07-2014:58:59

MITRE

web.nvd.nist.gov

103

samba

cve-2023-34968

path disclosure

spotlight protocol

security vulnerability

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.0%

A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path.

References

access.redhat.com/errata/RHSA-2023:6667

access.redhat.com/errata/RHSA-2023:7139

access.redhat.com/errata/RHSA-2024:0423

access.redhat.com/errata/RHSA-2024:0580

access.redhat.com/security/cve/CVE-2023-34968

bugzilla.redhat.com/show_bug.cgi?id=2222795

lists.fedoraproject.org/archives/list/[email protected]/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/

lists.fedoraproject.org/archives/list/[email protected]/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z/

security.netapp.com/advisory/ntap-20230731-0010/

www.debian.org/security/2023/dsa-5477

www.samba.org/samba/security/CVE-2023-34968.html

5.5 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

35.0%

Related for CVE-2023-34968

osv6 cnvd1 debiancve1 alpinelinux1 prion1 redhatcve1 samba1 veracode1 ubuntucve1 nessus26 oraclelinux2 openvas14 redhat4 ibm3 almalinux2 fedora2 redos1 mageia1 freebsd1 cloudfoundry1 ubuntu1 slackware1 debian2 gentoo1 hp1