A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. A malicious client, or an attacker who sends a targeted RPC request, can use this flaw to view the information that is part of the disclosed path.

The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.

Name | Vendor | Start Version | End Version |
---|---|---|---|
Samba | Samba | * | 4.16.11 (excluding) |
Samba | Samba | 4.17.0 (including) | 4.17.10 (excluding) |
Samba | Samba | 4.18.0 (including) | 4.18.5 (excluding) |
Red Hat Enterprise Linux 8 | RedHat | samba-0:4.18.6-1.el8 | * |
Red Hat Enterprise Linux 8.6 Extended Update Support | RedHat | samba-0:4.15.5-15.el8_6 | * |
Red Hat Enterprise Linux 8.8 Extended Update Support | RedHat | samba-0:4.17.5-5.el8_8 | * |
Red Hat Enterprise Linux 9 | RedHat | samba-0:4.18.6-100.el9 | * |
Red Hat Virtualization 4 for Red Hat Enterprise Linux 8 | RedHat | samba-0:4.15.5-15.el8_6 | * |
Samba | Ubuntu | bionic | * |
Samba | Ubuntu | devel | * |
Samba | Ubuntu | focal | * |
Samba | Ubuntu | jammy | * |
Samba | Ubuntu | kinetic | * |
Samba | Ubuntu | lunar | * |
Samba | Ubuntu | mantic | * |
Samba | Ubuntu | noble | * |
Samba | Ubuntu | oracular | * |
Samba | Ubuntu | trusty | * |
Samba | Ubuntu | trusty/esm | * |
Samba | Ubuntu | xenial | * |