Unknown · Cifs-Utils · CVE-2021-20208
Name of the Vulnerable Software and Affected Versions:
cifs-utils versions prior to 6.13
Description:
A flaw was found in cifs-utils where a user mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.
Recommendations:
For versions prior to 6.13, update to version 6.13 or later to resolve the issue. As a temporary workaround, consider restricting access to Kerberos credentials or limiting the ability to mount krb5 CIFS file systems from within containers until a patch is applied.