CVE-2019-14902

Advisory lineage Upstream: 0 Downstream: 12

Downstream

ALPINE-CVE-2019-14902 DEBIAN-CVE-2019-14902 DLA-2668-1 DLA-3563-1 MGASA-2020-0058 OPENSUSE-SU-2020:0122-1

Modified

Published: 21 Jan 2020, 00:00

Last modified:05 Aug 2024, 00:26

Vulnerability Summary

Overall Risk (default)

low

23/100

CVSS Score

5.5 MEDIUM

v2.0 (nvd)

EPSS Score

3.5% LOW

4% probability 0.00%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

21 Jan 2020, 00:00

Published

Vulnerability first disclosed

05 Aug 2024, 00:26

Last Modified

Vulnerability information updated

Description

There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers.

CVSS Metrics

v3.1•MEDIUM•Score: 5.4CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
v2.0•MEDIUM•Score: 5.5AV:N/AC:L/Au:S/C:P/I:P/A:N

EPSS Trends

Current EPSS score: 3.50%• Percentile: 88%

Techniques & Countermeasures

CWE-284•Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

Affected Systems

canonical•ubuntu_linux
16.04 | 18.04 | 19.04 | 19.10
debian•debian_linux
9.0
opensuse•leap
15.1
samba•samba
≥ 4.0.0, < 4.9.18 | ≥ 4.10.0, < 4.10.12 | ≥ 4.11.0, < 4.11.5
[unknown]•samba
all samba 4.11.x versions before 4.11.5 | all samba 4.10.x versions before 4.10.12 | all samba 4.9.x versions before 4.9.18