CVE-2019-10218 init

2025-05-08 19:46:39 +00:00 · 2019-11-06 10:44:00 +01:00 · 2019-11-06 10:44:00 +01:00 · 89ef76f4d0
commit 89ef76f4d0
parent d6edcdce00
1 changed files with 60 additions and 4 deletions
--- a/2019/10xxx/CVE-2019-10218.json
+++ b/2019/10xxx/CVE-2019-10218.json
@ -4,15 +4,71 @@
    "data_version": "4.0",
    "CVE_data_meta": {
        "ID": "CVE-2019-10218",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "ASSIGNER": "mrehak@redhat.com"
+    },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "vendor_name": "Samba",
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "samba",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "all samba versions before samba 4.11.2, 4.10.10 and 4.9.15"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    }
+                }
+            ]
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-22"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10218",
+                "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10218",
+                "refsource": "CONFIRM"
+            },
+            {
+                "url": "https://www.samba.org/samba/security/CVE-2019-10218.html"
+            }
+        ]
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "A flaw was found in the samba client, all samba versions before samba 4.11.2, 4.10.10 and 4.9.15, where a malicious server can supply a pathname to the client with separators. This could allow the client to access files and folders outside of the SMB network pathnames. An attacker could use this vulnerability to create files outside of the current working directory using the privileges of the client user."
            }
        ]
+    },
+    "impact": {
+        "cvss": [
+            [
+                {
+                    "vectorString": "5.3/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:H/A:N",
+                    "version": "3.0"
+                }
+            ]
+        ]
    }
-}
+}