Cleartext Transmission of Sensitive Information Affecting samba-winbind-32bit package, versions <4.9.5+git.554.abee30cf06-150100.3.77.1
Threat Intelligence
EPSS: 0.2% (58th percentile)
- Snyk ID SNYK-SLES151-SAMBAWINBIND32BIT-5296429
- published 30 Mar 2023
- disclosed 29 Mar 2023
Introduced: 29 Mar 2023
CVE-2023-0922
How to fix?
Upgrade SLES:15.1 samba-winbind-32bit to version 4.9.5+git.554.abee30cf06-150100.3.77.1 or higher.
NVD Description
Note: Versions mentioned in the description apply only to the upstream samba-winbind-32bit package and not the samba-winbind-32bit package as distributed by SLES.
See How to fix? for SLES:15.1 relevant fixed versions and status.
The Samba AD DC administration tool, when operating against a remote LDAP server, will by default send new or reset passwords over a signed-only connection.
References
- https://www.suse.com/security/cve/CVE-2023-0922.html
- https://bugzilla.suse.com/1209481
- https://www.samba.org/samba/security/CVE-2023-0922.html
- https://security.netapp.com/advisory/ntap-20230406-0007/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/YXBPYIA4VWNOD437NAHZ3NXKAETLFB5S/
- https://security.gentoo.org/glsa/202309-06
CVSS Scores
version 3.1