[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2023-4091":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":131,"aliases":132,"duplicate_of":9,"upstream":133,"downstream":134,"duplicates":173,"related":174,"reserved_at":9,"published_at":183,"modified_at":184,"state":185,"summary":186,"references_raw":195,"kevs":255,"epss":256,"epss_history":259,"metrics":526,"affected":534},"CVE-2023-4091","A vulnerability was discovered in Samba, where the flaw allows SMB clients to truncate files, even with read-only permissions when the Samba VFS module \"acl_xattr\" is configured with \"acl_xattr:ignore system acls = yes\". The SMB protocol allows opening files when the client requests read-only access but then implicitly truncates the opened file to 0 bytes if the client specifies a separate OVERWRITE create disposition request. The issue arises in configurations that bypass kernel file system permissions checks, relying solely on Samba's permissions.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-276","Incorrect Default Permissions","During installation, installed file permissions are set to allow anyone to modify those files.","weakness","Draft","Base","Medium",[20,68,127],{"id":21,"name":22,"techniques":23},"CAPEC-1","Accessing Functionality Not Properly Constrained by ACLs",[24],{"id":25,"name":26,"tactics":27,"countermeasures":43},"T1574.010","Services File Permissions Weakness",[28,31,34,37,40],{"id":29,"name":30},"TA0110","Persistence",{"id":32,"name":33},"TA0111","Privilege Escalation",{"id":35,"name":36},"TA0030","Defense Evasion",{"id":38,"name":39},"TA0005","Stealth",{"id":41,"name":42},"TA0104","Execution",[44,49,53,58,63],{"id":45,"name":46,"tactic":47},"D3-SWI","Software Inventory",{"name":48},"Model",{"id":50,"name":51,"tactic":52},"D3-AVE","Asset Vulnerability Enumeration",{"name":48},{"id":54,"name":55,"tactic":56},"D3-SBV","Service Binary Verification",{"name":57},"Detect",{"id":59,"name":60,"tactic":61},"D3-SU","Software Update",{"name":62},"Harden",{"id":64,"name":65,"tactic":66},"D3-RS","Restore Software",{"name":67},"Restore",{"id":69,"name":70,"techniques":71},"CAPEC-127","Directory Indexing",[72],{"id":73,"name":74,"tactics":75,"countermeasures":79},"T1083","File and Directory Discovery",[76],{"id":77,"name":78},"TA0102","Discovery",[80,84,88,93,98,102,106,111,115,119,123],{"id":81,"name":82,"tactic":83},"D3-FA","File Analysis",{"name":57},{"id":85,"name":86,"tactic":87},"D3-FIM","File Integrity Monitoring",{"name":57},{"id":89,"name":90,"tactic":91},"D3-FEV","File Eviction",{"name":92},"Evict",{"id":94,"name":95,"tactic":96},"D3-DF","Decoy File",{"name":97},"Deceive",{"id":99,"name":100,"tactic":101},"D3-FE","File Encryption",{"name":62},{"id":103,"name":104,"tactic":105},"D3-RF","Restore File",{"name":67},{"id":107,"name":108,"tactic":109},"D3-LFP","Local File Permissions",{"name":110},"Isolate",{"id":112,"name":113,"tactic":114},"D3-CF","Content Filtering",{"name":110},{"id":116,"name":117,"tactic":118},"D3-RFAM","Remote File Access Mediation",{"name":110},{"id":120,"name":121,"tactic":122},"D3-CQ","Content Quarantine",{"name":110},{"id":124,"name":125,"tactic":126},"D3-CM","Content Modification",{"name":110},{"id":128,"name":129,"techniques":130},"CAPEC-81","Web Server Logs Tampering",[],[],[],[],[135,137,139,141,143,145,147,149,151,153,155,157,159,161,163,165,167,169,171],{"_key":136},"ALPINE-CVE-2023-4091",{"_key":138},"SUSE-SU-2023:4046-1",{"_key":140},"SUSE-SU-2023:4040-1",{"_key":142},"SUSE-SU-2023:4096-1",{"_key":144},"SUSE-SU-2023:4059-1",{"_key":146},"OPENSUSE-SU-2024:13332-1",{"_key":148},"DLA-3792-1",{"_key":150},"DSA-5525-1",{"_key":152},"DSA-5647-1",{"_key":154},"RHSA-2023:6209",{"_key":156},"RHSA-2023:6744",{"_key":158},"RHSA-2023:7371",{"_key":160},"RHSA-2023:7408",{"_key":162},"RHSA-2023:7464",{"_key":164},"RHSA-2023:7467",{"_key":166},"MGASA-2023-0340",{"_key":168},"UBUNTU-CVE-2023-4091",{"_key":170},"USN-6425-1",{"_key":172},"DEBIAN-CVE-2023-4091",[],[175,176,177,178,180,181,182],{"_key":138},{"_key":140},{"_key":142},{"_key":179},"USN-6425-3",{"_key":144},{"_key":146},{"_key":166},"2023-11-03T07:56:35.611Z","2025-11-20T18:27:17.162Z","Modified",{"cisa_kev":187,"cisa_ransomware":187,"cisa_vendor":9,"epss_severity":188,"epss_score":189,"severity":190,"severity_score":191,"severity_version":192,"severity_source":193,"severity_vector":194,"severity_status":185},false,"low",0.00438,"medium",6.5,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",[196,204,208,212,216,220,224,229,234,238,242,247,251],{"url":197,"sources":198,"tags":200},"https://access.redhat.com/errata/RHSA-2023:6209",[193,199],"nvd",[201,202,203],"Vendor Advisory","X Refsource REDHAT","Third Party Advisory",{"url":205,"sources":206,"tags":207},"https://access.redhat.com/errata/RHSA-2023:6744",[193,199],[201,202,203],{"url":209,"sources":210,"tags":211},"https://access.redhat.com/errata/RHSA-2023:7371",[193,199],[201,202],{"url":213,"sources":214,"tags":215},"https://access.redhat.com/errata/RHSA-2023:7408",[193,199],[201,202],{"url":217,"sources":218,"tags":219},"https://access.redhat.com/errata/RHSA-2023:7464",[193,199],[201,202],{"url":221,"sources":222,"tags":223},"https://access.redhat.com/errata/RHSA-2023:7467",[193,199],[201,202],{"url":225,"sources":226,"tags":227},"https://access.redhat.com/security/cve/CVE-2023-4091",[193,199],[228,202,203],"VDB Entry",{"url":230,"sources":231,"tags":232},"https://bugzilla.redhat.com/show_bug.cgi?id=2241882",[193,199],[233,202],"Issue Tracking",{"url":235,"sources":236,"tags":237},"https://bugzilla.samba.org/show_bug.cgi?id=15439",[193,199],[233],{"url":239,"sources":240,"tags":241},"https://www.samba.org/samba/security/CVE-2023-4091.html",[193,199],[201],{"url":243,"sources":244,"tags":245},"https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html",[193,199],[246],"X Transferred",{"url":248,"sources":249,"tags":250},"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZUMVALLFFDFC53JZMUWA6HPD7HUGAP5I/",[193,199],[246],{"url":252,"sources":253,"tags":254},"https://security.netapp.com/advisory/ntap-20231124-0002/",[193,199],[246],[],{"date":257,"score":189,"percentile":258},"2026-06-04",0.63447,[260,264,267,270,273,276,279,282,285,288,291,294,297,300,303,307,309,312,315,318,322,325,328,331,334,337,340,343,346,349,351,354,357,360,363,366,368,371,374,377,380,382,385,388,391,394,397,400,403,406,409,412,415,418,421,424,427,430,433,436,439,442,445,448,451,454,457,459,462,465,468,470,473,476,479,482,485,488,491,494,497,500,503,506,509,512,515,517,520,523],{"date":261,"score":262,"percentile":263},"2025-11-04",0.00476,0.64063,{"date":265,"score":262,"percentile":266},"2025-11-05",0.64043,{"date":268,"score":262,"percentile":269},"2025-11-06",0.64046,{"date":271,"score":262,"percentile":272},"2025-11-07",0.64056,{"date":274,"score":262,"percentile":275},"2025-11-08",0.6406,{"date":277,"score":262,"percentile":278},"2025-11-09",0.64052,{"date":280,"score":262,"percentile":281},"2025-11-10",0.64037,{"date":283,"score":262,"percentile":284},"2025-11-11",0.64048,{"date":286,"score":262,"percentile":287},"2025-11-12",0.6407,{"date":289,"score":262,"percentile":290},"2025-11-13",0.64077,{"date":292,"score":262,"percentile":293},"2025-11-14",0.64084,{"date":295,"score":262,"percentile":296},"2025-11-15",0.64079,{"date":298,"score":262,"percentile":299},"2025-11-16",0.64071,{"date":301,"score":262,"percentile":302},"2025-11-17",0.64068,{"date":304,"score":305,"percentile":306},"2025-11-18",0.01877,0.81663,{"date":308,"score":305,"percentile":306},"2025-11-19",{"date":310,"score":305,"percentile":311},"2025-11-20",0.81669,{"date":313,"score":262,"percentile":314},"2025-11-21",0.64074,{"date":316,"score":262,"percentile":317},"2025-11-22",0.6408,{"date":319,"score":320,"percentile":321},"2025-11-23",0.00409,0.60559,{"date":323,"score":320,"percentile":324},"2025-11-24",0.60557,{"date":326,"score":320,"percentile":327},"2025-11-25",0.60561,{"date":329,"score":320,"percentile":330},"2025-11-26",0.60563,{"date":332,"score":320,"percentile":333},"2025-11-27",0.60568,{"date":335,"score":262,"percentile":336},"2025-11-28",0.6404,{"date":338,"score":262,"percentile":339},"2025-11-29",0.64009,{"date":341,"score":262,"percentile":342},"2025-11-30",0.64003,{"date":344,"score":262,"percentile":345},"2025-12-01",0.64172,{"date":347,"score":262,"percentile":348},"2025-12-02",0.64191,{"date":350,"score":262,"percentile":348},"2025-12-03",{"date":352,"score":262,"percentile":353},"2025-12-04",0.64015,{"date":355,"score":262,"percentile":356},"2025-12-05",0.64029,{"date":358,"score":262,"percentile":359},"2025-12-06",0.64028,{"date":361,"score":262,"percentile":362},"2025-12-07",0.64021,{"date":364,"score":262,"percentile":365},"2025-12-08",0.64027,{"date":367,"score":262,"percentile":275},"2025-12-09",{"date":369,"score":262,"percentile":370},"2025-12-10",0.64107,{"date":372,"score":262,"percentile":373},"2025-12-11",0.64124,{"date":375,"score":262,"percentile":376},"2025-12-12",0.64142,{"date":378,"score":262,"percentile":379},"2025-12-13",0.64148,{"date":381,"score":262,"percentile":379},"2025-12-14",{"date":383,"score":262,"percentile":384},"2025-12-15",0.64141,{"date":386,"score":262,"percentile":387},"2025-12-16",0.64155,{"date":389,"score":262,"percentile":390},"2025-12-17",0.6417,{"date":392,"score":262,"percentile":393},"2025-12-18",0.64205,{"date":395,"score":262,"percentile":396},"2025-12-19",0.64223,{"date":398,"score":262,"percentile":399},"2025-12-20",0.6422,{"date":401,"score":262,"percentile":402},"2025-12-21",0.64209,{"date":404,"score":262,"percentile":405},"2025-12-22",0.64204,{"date":407,"score":262,"percentile":408},"2025-12-23",0.64211,{"date":410,"score":262,"percentile":411},"2025-12-24",0.64216,{"date":413,"score":262,"percentile":414},"2025-12-25",0.64242,{"date":416,"score":262,"percentile":417},"2025-12-26",0.64243,{"date":419,"score":262,"percentile":420},"2025-12-27",0.64293,{"date":422,"score":262,"percentile":423},"2025-12-28",0.64219,{"date":425,"score":262,"percentile":426},"2025-12-29",0.64208,{"date":428,"score":262,"percentile":429},"2025-12-30",0.64225,{"date":431,"score":262,"percentile":432},"2025-12-31",0.6425,{"date":434,"score":262,"percentile":435},"2026-01-01",0.64439,{"date":437,"score":262,"percentile":438},"2026-01-02",0.64425,{"date":440,"score":262,"percentile":441},"2026-01-03",0.64424,{"date":443,"score":262,"percentile":444},"2026-01-04",0.64248,{"date":446,"score":262,"percentile":447},"2026-01-05",0.64244,{"date":449,"score":262,"percentile":450},"2026-01-06",0.6424,{"date":452,"score":262,"percentile":453},"2026-01-07",0.6426,{"date":455,"score":262,"percentile":456},"2026-01-08",0.64281,{"date":458,"score":262,"percentile":456},"2026-01-09",{"date":460,"score":262,"percentile":461},"2026-01-10",0.64278,{"date":463,"score":262,"percentile":464},"2026-01-11",0.64268,{"date":466,"score":262,"percentile":467},"2026-01-12",0.64252,{"date":469,"score":262,"percentile":444},"2026-01-13",{"date":471,"score":262,"percentile":472},"2026-01-14",0.64284,{"date":474,"score":262,"percentile":475},"2026-01-15",0.64299,{"date":477,"score":262,"percentile":478},"2026-01-16",0.64319,{"date":480,"score":262,"percentile":481},"2026-01-17",0.64309,{"date":483,"score":262,"percentile":484},"2026-01-18",0.643,{"date":486,"score":262,"percentile":487},"2026-01-19",0.64289,{"date":489,"score":262,"percentile":490},"2026-01-20",0.64304,{"date":492,"score":262,"percentile":493},"2026-01-21",0.64313,{"date":495,"score":262,"percentile":496},"2026-01-22",0.6432,{"date":498,"score":262,"percentile":499},"2026-01-23",0.64349,{"date":501,"score":262,"percentile":502},"2026-01-24",0.64355,{"date":504,"score":262,"percentile":505},"2026-01-25",0.64322,{"date":507,"score":262,"percentile":508},"2026-01-26",0.64308,{"date":510,"score":262,"percentile":511},"2026-01-27",0.64316,{"date":513,"score":262,"percentile":514},"2026-01-28",0.64325,{"date":516,"score":262,"percentile":514},"2026-01-29",{"date":518,"score":262,"percentile":519},"2026-01-30",0.64334,{"date":521,"score":262,"percentile":522},"2026-01-31",0.64338,{"date":524,"score":262,"percentile":525},"2026-02-01",0.64482,[527,532],{"source":193,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":528,"cvss_v4_0":9},{"baseScore":191,"baseSeverity":529,"vectorString":194,"impactScore":530,"exploitabilityScore":531},"MEDIUM",6,7.2,{"source":199,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":533,"cvss_v4_0":9},{"baseScore":191,"baseSeverity":529,"vectorString":194,"impactScore":530,"exploitabilityScore":531},[535,543,550,556,562],{"ecosystem":9,"name":536,"vendor":537,"product":536,"cpe_part":538,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":539},"fedora","fedoraproject","o",[540],{"version":541,"is_range":187,"range_type":542,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"39","cpe",{"ecosystem":9,"name":544,"vendor":545,"product":546,"cpe_part":538,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":547},"enterprise linux","redhat","enterprise_linux",[548],{"version":549,"is_range":187,"range_type":542,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"8.0",{"ecosystem":9,"name":551,"vendor":545,"product":552,"cpe_part":538,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":553},"enterprise linux eus","enterprise_linux_eus",[554],{"version":555,"is_range":187,"range_type":542,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"9.0",{"ecosystem":9,"name":557,"vendor":545,"product":557,"cpe_part":558,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":559},"storage","a",[560],{"version":561,"is_range":187,"range_type":542,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"3.0",{"ecosystem":9,"name":563,"vendor":563,"product":563,"cpe_part":558,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":564},"samba",[565,570,575],{"version":566,"is_range":567,"range_type":542,"version_start":9,"version_start_type":9,"version_end":568,"version_end_type":569,"fixed_in":9},"lt4.17.12",true,"4.17.12","excluding",{"version":571,"is_range":567,"range_type":542,"version_start":572,"version_start_type":573,"version_end":574,"version_end_type":569,"fixed_in":9},"gte4.18.0_lt4.18.8","4.18.0","including","4.18.8",{"version":576,"is_range":567,"range_type":542,"version_start":577,"version_start_type":573,"version_end":578,"version_end_type":569,"fixed_in":9},"gte4.19.0_lt4.19.1","4.19.0","4.19.1"]