sharenfs 0.6.4, when built with commits bcdd594 and 7d08880 from the zfs repository, provides world readable access to the shared zfs file system, which might allow remote authenticated users to obtain sensitive information by reading shared files.
https://github.com/zfsonlinux/zfs/pull/2790/commits
https://github.com/zfsonlinux/zfs/issues/3319
https://github.com/FransUrbo/zfs/commit/99aa4d2b4fd12c6bef62d02ffd1b375ddd42fcf4
http://www.securityfocus.com/bid/74272
http://www.openwall.com/lists/oss-security/2015/04/22/4
Source: Mitre, NVD
Published: 2017-10-18
Updated: 2026-05-13
Base Score: 3.5
Vector: CVSS2#AV:N/AC:M/Au:S/C:P/I:N/A:N
Severity: Low
Base Score: 4.3
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Severity: Medium
EPSS: 0.00236