VDB

ALPINE-CVE-2021-20208

ALPINE-CVE-2021-20208 PUBLISHED CVSS 6.099999904632568 MEDIUM

A flaw was found in cifs-utils in versions before 6.13. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.

Risk Scores

CVSS 3.1
6.099999904632568
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:N

Affected Products

VendorProductVersions
Alpine:v3.15cifs-utils0, 4.9-r0, 5.3-r0
Alpine:v3.17cifs-utils0, 5.3-r0, 5.4-r0
Alpine:v3.20cifs-utils4.0, 0, 4.9-r0
Alpine:v3.13cifs-utils4.0, 0, 6.9-r1
Alpine:v3.16cifs-utils5.6-r0, 4.0, 0
Alpine:v3.24cifs-utils0, 4.0
Alpine:v3.14cifs-utils6.4-r0, 6.4-r1, 6.5-r0
Alpine:v3.22cifs-utils5.4-r0, 0, 4.9-r0
Alpine:v3.19cifs-utils6.2-r0, 4.0, 0
Alpine:v3.10cifs-utils4.0, 0, 6.9-r0
Alpine:v3.23cifs-utils4.0, 0, 4.9-r0
Alpine:v3.12cifs-utils4.0, 0, 6.9-r1
Alpine:v3.21cifs-utils6.3-r0, 6.2-r1, 6.2-r0
Alpine:v3.11cifs-utils5.6-r0, 5.7-r0, 5.8-r0
Alpine:v3.18cifs-utils6.4-r0, 6.3-r0, 6.2-r1

Timeline

  • Apr 19, 2021 CVE Published
  • Apr 30, 2026 Distribution Patch
  • Jul 8, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›