CVE-2021-20316

moderate-risk

Published 2022-08-23

A flaw was found in the way Samba handled file/directory metadata. This flaw allows an authenticated attacker with permissions to read or modify share metadata, to perform this operation outside of the share.

Do I need to act?

0.71% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 6.8/10 Medium

NETWORK / HIGH complexity

Affected Products (8)

Samba

Debian Linux

Virtualization Host

Enterprise Linux

Enterprise Linux Aus

Enterprise Linux Eus

Enterprise Linux Tus

Affected Vendors

Debian Redhat Samba

References (12)

Third Party Advisory https://access.redhat.com/security/cve/CVE-2021-20316

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2009673

Issue Tracking https://bugzilla.samba.org/show_bug.cgi?id=14842

Mitigation https://security-tracker.debian.org/tracker/CVE-2021-20316

https://security.gentoo.org/glsa/202309-06

Vendor Advisory https://www.samba.org/samba/security/CVE-2021-20316.html

Third Party Advisory https://access.redhat.com/security/cve/CVE-2021-20316

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2009673

Issue Tracking https://bugzilla.samba.org/show_bug.cgi?id=14842

Mitigation https://security-tracker.debian.org/tracker/CVE-2021-20316

https://security.gentoo.org/glsa/202309-06

Vendor Advisory https://www.samba.org/samba/security/CVE-2021-20316.html

/ 100

moderate-risk

Severity 21/34 · High

Exploitability 2/34 · Minimal

Exposure 14/34 · Moderate