CVE-2021-20208Incorrect Privilege Assignment in Samba Cifs-utils

CWE-266Incorrect Privilege AssignmentCWE-269Improper Privilege Management11 documents8 sources
Severity
6.1MEDIUMNVD
OSV7.0
EPSS
0.4%
top 40.86%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Samba Cifs-utilsFedoraproject FedoraRedhat Enterprise Linux
Timeline
PublishedApr 19
Latest updateAug 7

Description

A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.

CVSS vector

CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:NExploitability: 0.8 | Impact: 4.7

Affected Packages4 packages

NVDsamba/cifs-utils4.06.13
Debiansamba/cifs-utils< 2:6.11-3+3
Ubuntusamba/cifs-utils< 2:6.0-1ubuntu2+esm1+1
CVEListV5samba/cifs-utilscifs-utils 6.13

Also affects: Fedora 33, 34, 35, Enterprise Linux 7.0, 8.0

Patches

Patch: bugzilla.samba.orgPatch: bugzilla.samba.org

🔴Vulnerability Details

5
OSV
cifs-utils vulnerabilities2025-08-07
OSV
cifs-utils vulnerabilities2022-06-02
GHSA
GHSA-jx7v-8q27-738q: A flaw was found in cifs-utils in versions before 62022-05-24
CVEList
CVE-2021-20208: A flaw was found in cifs-utils in versions before 62021-04-19
OSV
CVE-2021-20208: A flaw was found in cifs-utils in versions before 62021-04-19

📋Vendor Advisories

5
Ubuntu
cifs-utils vulnerabilities2025-08-07
Ubuntu
cifs-utils vulnerabilities2022-06-02
Microsoft
A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vuln2021-04-13
Red Hat
cifs-utils: Container can use kerberos cache from the host via mount.cifs/cifs.upcall2021-04-12
Debian
CVE-2021-20208: cifs-utils - A flaw was found in cifs-utils in versions before 6.13. A user when mounting a k...2021
CVE-2021-20208 — Incorrect Privilege Assignment | cvebase