CVE-2023-34968

Summary

A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path.

Affected Software

VendorProductVersion RangeStatus
Red HatRed Hat Enterprise Linux 80:4.18.6-1.el8 < *unaffected
Red HatRed Hat Enterprise Linux 80:4.18.6-1.el8 < *unaffected
Red HatRed Hat Enterprise Linux 8.6 Extended Update Support0:4.15.5-15.el8_6 < *unaffected
Red HatRed Hat Enterprise Linux 8.8 Extended Update Support0:4.17.5-5.el8_8 < *unaffected
Red HatRed Hat Enterprise Linux 90:4.18.6-100.el9 < *unaffected
Red HatRed Hat Enterprise Linux 90:4.18.6-100.el9 < *unaffected
Red HatRed Hat Virtualization 4 for Red Hat Enterprise Linux 80:4.15.5-15.el8_6 < *unaffected

Weaknesses

  • CWE-201: Insertion of Sensitive Information Into Sent Data

ADP Enrichment

CVE Program Container

Additional References

References