A path disclosure vulnerability was found in Samba. As part of the Spotlight protocol, Samba discloses the server-side absolute path of shares, files, and directories in the results for search queries. This flaw allows a malicious client or an attacker with a targeted RPC request to view the information that is part of the disclosed path.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Samba | Samba | * | 4.16.11 (excluding) |
Samba | Samba | 4.17.0 (including) | 4.17.10 (excluding) |
Samba | Samba | 4.18.0 (including) | 4.18.5 (excluding) |