Vulnerability Name: | CVE-2021-3178 (CCN-241803) | ||||||||||||
Assigned: | 2021-01-19 | ||||||||||||
Published: | 2021-01-19 | ||||||||||||
Updated: | 2021-03-25 | ||||||||||||
Summary: | ** DISPUTED ** fs/nfsd/nfs3xdr.c in the Linux kernel through 5.10.8, when there is an NFS export of a subdirectory of a filesystem, allows remote attackers to traverse to other parts of the filesystem via READDIRPLUS. Note: some parties argue that such a subdirectory export is not intended to prevent this attack; see also the exports(5) no_subtree_check default behavior. | ||||||||||||
CVSS v3 Severity: | 6.5 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N) 5.7 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)
5.7 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N/E:U/RL:O/RC:C)
| ||||||||||||
CVSS v2 Severity: | 5.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:N)
| ||||||||||||
Vulnerability Type: | CWE-22 | ||||||||||||
Vulnerability Consequences: | Obtain Information | ||||||||||||
References: | Source: MITRE Type: CNA CVE-2021-3178 Source: XF Type: UNKNOWN linux-kernel-cve20213178-dir-traversal(241803) Source: CCN Type: Linux Kernel GIT Repository nfsd4: readdirplus shouldn't return parent of export Source: CCN Type: Mend Vulnerability Database CVE-2021-3178 | ||||||||||||
Vulnerable Configuration: | Configuration CCN 1:![]() | ||||||||||||
BACK |