CVE-2022-3592
Published: 12 January 2023
Summary
CVE-2022-3592 is a medium-severity UNIX Symbolic Link (Symlink) Following (CWE-61) vulnerability in Fedoraproject Fedora. Its CVSS base score is 6.5 (Medium).
Operationally, it is ranked in the top 29.1% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2022-42956
Vulnerability details
A symlink following vulnerability was found in Samba, where a user can create a symbolic link that will make 'smbd' escape the configured share path. This flaw allows a remote user with access to the exported part of the file system under a share via SMB1 unix extensions or NFS to create symlinks to files outside the 'smbd' configured share path and gain access to another restricted server's filesystem.
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.