{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-2031", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2023-09-17T08:06:21.529909", "dateReserved": "2022-06-08T00:00:00", "datePublished": "2022-08-25T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-09-17T08:06:21.529909"}, "descriptions": [{"lang": "en", "value": "A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services."}], "affected": [{"vendor": "n/a", "product": "samba", "versions": [{"version": "Versions prior to samba 4.16.4, samba 4.15.9, samba 4.14.14", "status": "affected"}]}], "references": [{"url": "https://www.samba.org/samba/security/CVE-2022-2031.html"}, {"name": "GLSA-202309-06", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202309-06"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-288", "cweId": "CWE-288"}]}]}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "4C2499D3-277A-4B0F-AD27-4506D02829DE", "versionEndExcluding": "4.14.14", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "1B0E54A3-23C1-497D-864D-EDF15D85FB81", "versionEndExcluding": "4.15.9", "versionStartIncluding": "4.15.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "8479455F-FFCD-46F1-B0E3-EBC082F89C16", "versionEndExcluding": "4.16.4", "versionStartIncluding": "4.16.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services."}, {"lang": "es", "value": "Se ha encontrado un fallo en Samba. Una vulnerabilidad de seguridad es producida cuando el KDC y el servicio kpasswd comparten una misma cuenta y un mismo conjunto de claves, lo que les permite descifrar los tickets del otro. Un usuario al que le haya sido pedido que cambie su contrase\u00f1a, puede explotar este fallo para obtener y usar tickets de otros servicios."}], "id": "CVE-2022-2031", "lastModified": "2023-09-17T09:15:10.507", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-25T18:15:09.837", "references": [{"source": "secalert@redhat.com", "url": "https://security.gentoo.org/glsa/202309-06"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.samba.org/samba/security/CVE-2022-2031.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-287"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-288"}], "source": "secalert@redhat.com", "type": "Secondary"}]}

{}