vulnerability
Amazon Linux 2023: CVE-2022-29869: Important priority package update for cifs-utils
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | Apr 28, 2022 | Feb 17, 2025 | Jul 9, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
Apr 28, 2022
Added
Feb 17, 2025
Modified
Jul 9, 2025
Description
cifs-utils through 6.14, with verbose logging, can cause an information leak when a file contains = (equal sign) characters but is not a valid credentials file.
A flaw was found in cifs-utils. When verbose logging is enabled, invalid credentials file lines may be dumped to stderr. This may lead to information disclosure in particular conditions when the credentials file given is sensitive and contains '=' signs.
A flaw was found in cifs-utils. When verbose logging is enabled, invalid credentials file lines may be dumped to stderr. This may lead to information disclosure in particular conditions when the credentials file given is sensitive and contains '=' signs.
Solutions
amazon-linux-2023-upgrade-cifs-utilsamazon-linux-2023-upgrade-cifs-utils-debuginfoamazon-linux-2023-upgrade-cifs-utils-debugsourceamazon-linux-2023-upgrade-cifs-utils-develamazon-linux-2023-upgrade-cifs-utils-infoamazon-linux-2023-upgrade-pam-cifscredsamazon-linux-2023-upgrade-pam-cifscreds-debuginfo
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.