{"id":"CVE-2021-20208","details":"A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.","modified":"2026-05-18T05:51:17.987511647Z","published":"2021-04-19T22:15:12.873Z","related":["SUSE-SU-2021:1159-1","SUSE-SU-2021:1161-1","SUSE-SU-2021:1455-1","openSUSE-SU-2021:0639-1","openSUSE-SU-2024:10683-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","cpes":["cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*"],"vendor_product":"fedoraproject:fedora","extracted_events":[{"last_affected":"33"},{"last_affected":"34"},{"last_affected":"35"}]},{"cpes":["cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*"],"source":"CPE_FIELD","vendor_product":"redhat:enterprise_linux","extracted_events":[{"last_affected":"7.0"},{"last_affected":"8.0"}]}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2W4HSDIWXXNQBUW5ZS37RQMLJ7THK5AS/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/66WJ3SVBHCSNQZAWSGLB6FBOCFU45FFG/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z4BZSJXROEFHYATAAHHRR6P3HUSMPQB3/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1921116"},{"type":"FIX","url":"https://bugzilla.samba.org/show_bug.cgi?id=14651"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/piastry/cifs-utils","events":[{"introduced":"f54e674a82fc00e574e1ebbc77ba5841d8342b6d"},{"fixed":"464a60344a324311a6f5bb326fdf5f422a3c9005"}],"database_specific":{"source":"CPE_FIELD","cpe":"cpe:2.3:a:samba:cifs-utils:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"4.0"},{"fixed":"6.13"}]}}],"versions":["cifs-utils-6.12","cifs-utils-6.11","cifs-utils-6.10","cifs-utils-6.9","cifs-utils-6.8","cifs-utils-6.7","cifs-utils-6.6","cifs-utils-6.5","cifs-utils-6.4","cifs-utils-6.3","cifs-utils-6.2","cifs-utils-6.1","cifs-utils-6.0","cifs-utils-5.9","cifs-utils-5.8","cifs-utils-5.7","cifs-utils-5.6","cifs-utils-5.5","cifs-utils-5.4","cifs-utils-5.3","cifs-utils-5.2","cifs-utils-5.1","cifs-utils-5.0","cifs-utils-4.9","cifs-utils-4.8.1","cifs-utils-4.8","cifs-utils-4.7","cifs-utils-4.6","cifs-utils-4.5","cifs-utils-4.4","cifs-utils-4.3","cifs-utils-4.2","cifs-utils-4.1","cifs-utils-4.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-20208.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N"}]}