CVE-2022-29869
published 2022-04-28

CVE-2022-29869: cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.

Priority: P4 26 | medium | 5.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 1.80% (75.8th percentile)

Affected

23 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | cifs-utils | < cifs-utils 2:6.14-1.1 (bookworm) | cifs-utils 2:6.14-1.1 (bookworm) |
| debian | debian_linux | | |
| debian | debian_linux | | |
| debian | debian_linux | | |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| msrc | cbl2_cifs-utils_6.14-2_on_cbl_mariner_2.0 | | |
| msrc | cbl_mariner_1.0_arm | | |
| msrc | cbl_mariner_1.0_x64 | | |
| msrc | cbl_mariner_2.0_arm | | |
| msrc | cbl_mariner_2.0_x64 | | |
| msrc | cm1_cifs-utils_6.8-6_on_cbl_mariner_1.0 | | |
| samba | cifs-utils | < 6.15 | 6.15 |
| samba | cifs-utils | >= 0 < 2:6.11-3.1+deb11u1 | 2:6.11-3.1+deb11u1 |
| samba | cifs-utils | >= 0 < 2:6.14-1.1 | 2:6.14-1.1 |
| samba | cifs-utils | >= 0 < 2:6.14-1.1 | 2:6.14-1.1 |
| samba | cifs-utils | >= 0 < 2:6.14-1.1 | 2:6.14-1.1 |
| samba | cifs-utils | >= 0 < 2:6.8-1ubuntu1.2 | 2:6.8-1ubuntu1.2 |
| samba | cifs-utils | >= 0 < 2:6.9-1ubuntu0.2 | 2:6.9-1ubuntu0.2 |
| samba | cifs-utils | >= 0 < 2:6.14-1ubuntu0.1 | 2:6.14-1ubuntu0.1 |
| samba | cifs-utils | >= 0 < 2:6.0-1ubuntu2+esm1 | 2:6.0-1ubuntu2+esm1 |
| samba | cifs-utils | >= 0 < 2:6.4-1ubuntu1.1+esm1 | 2:6.4-1ubuntu1.1+esm1 |

CVSS provenance

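| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| osv | | 7.0 | HIGH | |
| vendor_debian | | 5.3 | MEDIUM | |
| vendor_msrc | | 5.3 | MEDIUM | |
| vendor_redhat | | 5.3 | MEDIUM | |
| vendor_ubuntu | | 4.4 | MEDIUM | |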