CVE-2023-34968

MEDIUM

Samba - Info Disclosure

Title source: llm

Description

A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path.

References (11)

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2023:6667

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2023:7139

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2024:0423

[Vendor Advisory] https://access.redhat.com/errata/RHSA-2024:0580

[Third Party Advisory] https://access.redhat.com/security/cve/CVE-2023-34968

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=2222795

[Vendor Advisory] https://www.samba.org/samba/security/CVE-2023-34968.html

[Vendor Advisory] https://security.netapp.com/advisory/ntap-20230731-0010/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/BPCSGND7LO467AJGR5DYBGZLTCGTOBCC/

[Mailing List, Third Party Advisory] https://lists.fedoraproject.org/archives/list/[email protected]/message/OT74M42E6C36W7PQVY3OS4ZM7DVYB64Z/

[Third Party Advisory] https://www.debian.org/security/2023/dsa-5477

Scores

CVSS v3 5.3

EPSS 0.0239

EPSS Percentile 84.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Classification

CWE

CWE-201

Status published

Affected Products (8)

samba/samba < 4.16.11

fedoraproject/fedora

fedoraproject/fedora

redhat/storage

redhat/enterprise_linux

redhat/enterprise_linux

debian/debian_linux

debian/debian_linux

Timeline

Published Jul 20, 2023

Tracked Since Feb 18, 2026