QwikSec

Security Database

CVE

CWE

Training

CVE-2022-3592

Published: Jan 12, 2023

Modified: Apr 8, 2025

PUBLISHED

Description

A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the 'smbd' configured share path and gain access to another restricted server's filesystem.

Vendor	Product	Versions
n/a	samba	affected `Affects samba since 4.17.0, Fixed samba 4.17.2.`

Weaknesses (CWE)

References

https://bugzilla.redhat.com/show_bug.cgi?id=2137776

https://www.samba.org/samba/security/CVE-2022-3592.html

https://access.redhat.com/security/cve/CVE-2022-3592

vendor-advisory

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.