CVE-2022-2031

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-2031
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2031.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-2031
Downstream
Related
Published
2022-08-25T18:15:09.837Z
Modified
2026-03-14T01:44:32.074773Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

A flaw was found in Samba. The security vulnerability occurs when KDC and the kpasswd service share a single account and set of keys, allowing them to decrypt each other's tickets. A user who has been requested to change their password, can exploit this flaw to obtain and use tickets to other services.

References

Affected packages

Git / github.com/samba-team/samba

Affected ranges

Type
GIT
Repo
https://github.com/samba-team/samba
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
ad06fd8294503b6a27729118dd8c80558d41924a
Introduced
fc8342bd26d1c55ca5780b427f675f31147b27f9
Fixed
c8fc01ca36445e87c3e503026a446416d66cd1bf
Introduced
e95d85f784ae6b19f2cb42cc9039b60b146e5b69
Fixed
9618af1b66aa7503e02b25c9a0bb5b1f31baffbc
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.14.14"
        },
        {
            "introduced": "4.15.0"
        },
        {
            "fixed": "4.15.9"
        },
        {
            "introduced": "4.16.0"
        },
        {
            "fixed": "4.16.4"
        }
    ]
}

Affected versions

ldb-2.*
ldb-2.4.1
ldb-2.4.2
ldb-2.4.3
ldb-2.4.4
ldb-2.5.1
ldb-2.5.2
samba-4.*
samba-4.15.0
samba-4.15.1
samba-4.15.2
samba-4.15.3
samba-4.15.4
samba-4.15.5
samba-4.15.6
samba-4.15.7
samba-4.15.8
samba-4.16.0
samba-4.16.1
samba-4.16.2
samba-4.16.3

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-2031.json"