A flaw was found in cifs-utils. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.
A flaw was found in cifs-utils. A user when mounting a krb5 CIFS file system from within a container can use Kerberos credentials of the host. The highest threat from this vulnerability is to data confidentiality and integrity.
This flaw is rated as having Moderate impact because of the need to have elevated privileges and limited possibilities of the attack: an attacker will not get actual credentials cache accessed by themselves, but might cause an authentication attempt to an SMB server and may be succeed in file access.
DFS and multiuser mounts can be disabled in the container SMB mounts options i.e. adding 'nodfs' and removing 'multiuser' (if present).