CVE-2021-20208
Published 2021-04-19
Priority P4 · 28 · medium · 6.1 · CVSS 3.1
AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N
EPSS 0.64% · 46.2th percentile
A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | cifs-utils | < cifs-utils 2:6.11-3 (bookworm) | cifs-utils 2:6.11-3 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| msrc | cbl2_cifs-utils_6.8-6_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| msrc | cm1_cifs-utils_6.8-5_on_cbl_mariner_1.0 | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| samba | cifs-utils | — | — |
| samba | cifs-utils | >= 0 < 2:6.11-3 | 2:6.11-3 |
| samba | cifs-utils | >= 0 < 2:6.11-3 | 2:6.11-3 |
| samba | cifs-utils | >= 0 < 2:6.11-3 | 2:6.11-3 |
| samba | cifs-utils | >= 0 < 2:6.11-3 | 2:6.11-3 |
| samba | cifs-utils | >= 0 < 2:6.8-1ubuntu1.2 | 2:6.8-1ubuntu1.2 |
| samba | cifs-utils | >= 0 < 2:6.9-1ubuntu0.2 | 2:6.9-1ubuntu0.2 |
| samba | cifs-utils | >= 0 < 2:6.14-1ubuntu0.1 | 2:6.14-1ubuntu0.1 |
| samba | cifs-utils | >= 0 < 2:6.0-1ubuntu2+esm1 | 2:6.0-1ubuntu2+esm1 |
| samba | cifs-utils | >= 0 < 2:6.4-1ubuntu1.1+esm1 | 2:6.4-1ubuntu1.1+esm1 |
| samba | cifs-utils | >= 4.0 < 6.13 | 6.13 |
CVSS provenance
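| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N |
| nvd | v2.0 | 4.9 | MEDIUM | AV:N/AC:M/Au:S/C:P/I:P/A:N |
| osv | — | 7.0 | HIGH | — |
| vendor_debian | — | 6.1 | MEDIUM | — |
| vendor_msrc | — | 6.1 | MEDIUM | — |
| vendor_redhat | — | 6.1 | MEDIUM | — |
| vendor_ubuntu | — | 4.4 | MEDIUM | — |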
OSV
cifs-utils vulnerabilities
osv·2025-08-07·CVSS 7.0
CVE-2020-14342 [HIGH]
Aurélien Aptel discovered that cifs-utils invoked a shell when requesting a
password. In certain environments, a local attacker could possibly use this
issue to escalate privileges. (CVE-2020-14342)
It was discovered that cifs-utils incorrectly used host credentials when
mounting a krb5 CIFS file system from within a container. An attacker
inside a container could possibly use this issue to obtain access to
sensitive information. (CVE-2021-20208)
It was discovered that cifs-utils incorrectly handled certain command-line
arguments. A local attacker could possibly use this issue to obtain root
privileges. (CVE-2022-27239)
It was discovered that cifs-utils incorrectly handled verbose logging. A
local attacker could possibly use this issue to obtain sensitive
inf
OSV
cifs-utils vulnerabilities
osv·2022-06-02·CVSS 7.0
CVE-2020-14342 [HIGH]
Aurélien Aptel discovered that cifs-utils invoked a shell when requesting a
password. In certain environments, a local attacker could possibly use this
issue to escalate privileges. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-14342)
It was discovered that cifs-utils incorrectly used host credentials when
mounting a krb5 CIFS file system from within a container. An attacker
inside a container could possibly use this issue to obtain access to
sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu
20.04 LTS. (CVE-2021-20208)
It was discovered that cifs-utils incorrectly handled certain command-line
arguments. A local attacker could possibly use this issue to obtain root
privileges. (CVE-2022-27239)
It was discov
GHSA
GHSA-jx7v-8q27-738q: A flaw was found in cifs-utils in versions before 6
ghsa_unreviewed·2022-05-24
CVE-2021-20208 [MEDIUM] CWE-266
A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.
OSV
CVE-2021-20208: A flaw was found in cifs-utils in versions before 6
osv·2021-04-19·CVSS 6.1
CVE-2021-20208 [MEDIUM]
A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.
Ubuntu
cifs-utils vulnerabilities
vendor_ubuntu·2025-08-07·CVSS 4.4
CVE-2021-20208 [MEDIUM]
Title: cifs-utils vulnerabilities
Summary: Several security issues were fixed in cifs-utils.
Aurélien Aptel discovered that cifs-utils invoked a shell when requesting a
password. In certain environments, a local attacker could possibly use this
issue to escalate privileges. (CVE-2020-14342)
It was discovered that cifs-utils incorrectly used host credentials when
mounting a krb5 CIFS file system from within a container. An attacker
inside a container could possibly use this issue to obtain access to
sensitive information. (CVE-2021-20208)
It was discovered that cifs-utils incorrectly handled certain command-line
arguments. A local attacker could possibly use this issue to obtain root
privileges. (CVE-2022-27239)
It was discovered that cifs-utils incorrectly handled verbose logging. A
l
Ubuntu
cifs-utils vulnerabilities
vendor_ubuntu·2022-06-02·CVSS 4.4
CVE-2020-14342 [MEDIUM]
Title: cifs-utils vulnerabilities
Summary: Several security issues were fixed in cifs-utils.
Aurélien Aptel discovered that cifs-utils invoked a shell when requesting a
password. In certain environments, a local attacker could possibly use this
issue to escalate privileges. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-14342)
It was discovered that cifs-utils incorrectly used host credentials when
mounting a krb5 CIFS file system from within a container. An attacker
inside a container could possibly use this issue to obtain access to
sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu
20.04 LTS. (CVE-2021-20208)
It was discovered that cifs-utils incorrectly handled certain command-line
arguments. A local attacker could possibly use th
Microsoft
vendor_msrc·2021-04-13·CVSS 6.1
CVE-2021-20208 [MEDIUM] CWE-269
A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to ad
Red Hat
cifs-utils: Container can use kerberos cache from the host via mount.cifs/cifs.upcall
vendor_redhat·2021-04-12·CVSS 6.1
CVE-2021-20208 [MEDIUM] CWE-266
A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.
A flaw was found in cifs-utils. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.
Statement: This flaw is rated as having Moderate impact because of the need to have elevated privileges and limited possibilities of the attack: an attacker will not get actual credentials cache accessed by themselves, but might ca
Debian
CVE-2021-20208: cifs-utils - A flaw was found in cifs-utils in versions before 6.13. A user when mounting a k...
vendor_debian·2021·CVSS 6.1
CVE-2021-20208 [MEDIUM]
A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.
Scope: local
bookworm: resolved (fixed in 2:6.11-3)
bullseye: resolved (fixed in 2:6.11-3)
forky: resolved (fixed in 2:6.11-3)
sid: resolved (fixed in 2:6.11-3)
trixie: resolved (fixed in 2:6.11-3)
No detection rules found.
No public exploits indexed.
https://bugzilla.redhat.com/show_bug.cgi?id=1921116
https://bugzilla.samba.org/show_bug.cgi?id=14651
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2W4HSDIWXXNQBUW5ZS37RQMLJ7THK5AS/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/66WJ3SVBHCSNQZAWSGLB6FBOCFU45FFG/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z4BZSJXROEFHYATAAHHRR6P3HUSMPQB3/