CVE-2022-29869
Published 2022-04-28
CVE-2022-29869: cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.
Priority: P426 · medium · 5.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 1.80% (75.8th percentile)
Affected
23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | cifs-utils | < cifs-utils 2:6.14-1.1 (bookworm) | cifs-utils 2:6.14-1.1 (bookworm) |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| msrc | cbl2_cifs-utils_6.14-2_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| msrc | cm1_cifs-utils_6.8-6_on_cbl_mariner_1.0 | — | — |
| samba | cifs-utils | < 6.15 | 6.15 |
| samba | cifs-utils | >= 0 < 2:6.11-3.1+deb11u1 | 2:6.11-3.1+deb11u1 |
| samba | cifs-utils | >= 0 < 2:6.14-1.1 | 2:6.14-1.1 |
| samba | cifs-utils | >= 0 < 2:6.14-1.1 | 2:6.14-1.1 |
| samba | cifs-utils | >= 0 < 2:6.14-1.1 | 2:6.14-1.1 |
| samba | cifs-utils | >= 0 < 2:6.8-1ubuntu1.2 | 2:6.8-1ubuntu1.2 |
| samba | cifs-utils | >= 0 < 2:6.9-1ubuntu0.2 | 2:6.9-1ubuntu0.2 |
| samba | cifs-utils | >= 0 < 2:6.14-1ubuntu0.1 | 2:6.14-1ubuntu0.1 |
| samba | cifs-utils | >= 0 < 2:6.0-1ubuntu2+esm1 | 2:6.0-1ubuntu2+esm1 |
| samba | cifs-utils | >= 0 < 2:6.4-1ubuntu1.1+esm1 | 2:6.4-1ubuntu1.1+esm1 |
CVSS provenance
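| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| osv | — | 7.0 | HIGH | — |
| vendor_debian | — | 5.3 | MEDIUM | — |
| vendor_msrc | — | 5.3 | MEDIUM | — |
| vendor_redhat | — | 5.3 | MEDIUM | — |
| vendor_ubuntu | — | 4.4 | MEDIUM | — |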
Ubuntu
cifs-utils vulnerabilities
vendor_ubuntu·2025-08-07·CVSS 4.4
CVE-2021-20208 [MEDIUM] cifs-utils vulnerabilities
Title: cifs-utils vulnerabilities
Summary: Several security issues were fixed in cifs-utils.
Aurélien Aptel discovered that cifs-utils invoked a shell when requesting a
password. In certain environments, a local attacker could possibly use this
issue to escalate privileges. (CVE-2020-14342)
It was discovered that cifs-utils incorrectly used host credentials when
mounting a krb5 CIFS file system from within a container. An attacker
inside a container could possibly use this issue to obtain access to
sensitive information. (CVE-2021-20208)
It was discovered that cifs-utils incorrectly handled certain command-line
arguments. A local attacker could possibly use this issue to obtain root
privileges. (CVE-2022-27239)
It was discovered that cifs-utils incorrectly handled verbose logging. A
l
Ubuntu
cifs-utils vulnerabilities
vendor_ubuntu·2022-06-02·CVSS 4.4
CVE-2020-14342 [MEDIUM] cifs-utils vulnerabilities
Title: cifs-utils vulnerabilities
Summary: Several security issues were fixed in cifs-utils.
Aurélien Aptel discovered that cifs-utils invoked a shell when requesting a
password. In certain environments, a local attacker could possibly use this
issue to escalate privileges. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-14342)
It was discovered that cifs-utils incorrectly used host credentials when
mounting a krb5 CIFS file system from within a container. An attacker
inside a container could possibly use this issue to obtain access to
sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu
20.04 LTS. (CVE-2021-20208)
It was discovered that cifs-utils incorrectly handled certain command-line
arguments. A local attacker could possibly use th
Red Hat
cifs-utils: crafted input may cause an information leak
vendor_redhat·2022-04-28·CVSS 5.3
CVE-2022-29869 [MEDIUM] CWE-20 cifs-utils: crafted input may cause an information leak
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.
A flaw was found in cifs-utils. When verbose logging is enabled, invalid credentials file lines may be dumped to stderr. This may lead to information disclosure in particular conditions when the credentials file given is sensitive and contains '=' signs.
Package: cifs-utils (Red Hat Enterprise Linux 6) - Out of support scope
Package: cifs-utils (Red Hat Enterprise Linux 7) - Out of support scope
Package: cifs-utils (Red Hat Enterprise Linux 8) - Fix deferred
Package: cifs-utils (Red Hat Enterprise Linux 9) - Fix deferred
Microsoft
cifs-utils through 6.14 with verbose logging can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.
vendor_msrc·2022-04-12·CVSS 5.3
CVE-2022-29869 [MEDIUM] CWE-532 cifs-utils through 6.14 with verbose logging can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
m
Debian
CVE-2022-29869: cifs-utils - cifs-utils through 6.14, with verbose logging, can cause an information leak whe...
vendor_debian·2022·CVSS 5.3
CVE-2022-29869 [MEDIUM] CVE-2022-29869: cifs-utils - cifs-utils through 6.14, with verbose logging, can cause an information leak whe...
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.
Scope: local
bookworm: resolved (fixed in 2:6.14-1.1)
bullseye: resolved (fixed in 2:6.11-3.1+deb11u1)
forky: resolved (fixed in 2:6.14-1.1)
sid: resolved (fixed in 2:6.14-1.1)
trixie: resolved (fixed in 2:6.14-1.1)
OSV
cifs-utils vulnerabilities
osv·2025-08-07·CVSS 7.0
CVE-2020-14342 [HIGH] cifs-utils vulnerabilities
Aurélien Aptel discovered that cifs-utils invoked a shell when requesting a
password. In certain environments, a local attacker could possibly use this
issue to escalate privileges. (CVE-2020-14342)
It was discovered that cifs-utils incorrectly used host credentials when
mounting a krb5 CIFS file system from within a container. An attacker
inside a container could possibly use this issue to obtain access to
sensitive information. (CVE-2021-20208)
It was discovered that cifs-utils incorrectly handled certain command-line
arguments. A local attacker could possibly use this issue to obtain root
privileges. (CVE-2022-27239)
It was discovered that cifs-utils incorrectly handled verbose logging. A
local attacker could possibly use this issue to obtain sensitive
inf
OSV
cifs-utils vulnerabilities
osv·2022-06-02·CVSS 7.0
CVE-2020-14342 [HIGH] cifs-utils vulnerabilities
Aurélien Aptel discovered that cifs-utils invoked a shell when requesting a
password. In certain environments, a local attacker could possibly use this
issue to escalate privileges. This issue only affected Ubuntu 18.04 LTS and
Ubuntu 20.04 LTS. (CVE-2020-14342)
It was discovered that cifs-utils incorrectly used host credentials when
mounting a krb5 CIFS file system from within a container. An attacker
inside a container could possibly use this issue to obtain access to
sensitive information. This issue only affected Ubuntu 18.04 LTS and Ubuntu
20.04 LTS. (CVE-2021-20208)
It was discovered that cifs-utils incorrectly handled certain command-line
arguments. A local attacker could possibly use this issue to obtain root
privileges. (CVE-2022-27239)
It was discov
GHSA
GHSA-pwjc-pm2q-cpg2: cifs-utils through 6
ghsa_unreviewed·2022-04-29
CVE-2022-29869 [MEDIUM] CWE-532 GHSA-pwjc-pm2q-cpg2: cifs-utils through 6
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.
OSV
CVE-2022-29869: cifs-utils through 6
osv·2022-04-28·CVSS 5.3
CVE-2022-29869 [MEDIUM] CVE-2022-29869: cifs-utils through 6
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/piastry/cifs-utils/commit/8acc963a2e7e9d63fe1f2e7f73f5a03f83d9c379
https://github.com/piastry/cifs-utils/pull/7
https://lists.debian.org/debian-lts-announce/2022/05/msg00020.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5WBOLMANBYJILXQKRRK7OCR774PXJAYY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HXKZLJYJJEC3TIBFLXUORRMZUKG5W676/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QIYZ4L6SLSYJQ446VJAO2VGAESURQNSP/
https://security.gentoo.org/glsa/202311-05
https://www.debian.org/security/2022/dsa-5157
Published: 2022-04-28