CVE-2020-14318

Advisory lineage Upstream: 0 Downstream: 23

Downstream

ALPINE-CVE-2020-14318 DEBIAN-CVE-2020-14318 DLA-2463-1 DLA-3792-1 MGASA-2020-0410 OPENSUSE-SU-2020:1811-1

Modified

Published: 03 Dec 2020, 00:00

Last modified:29 Oct 2024, 13:52

Vulnerability Summary

Overall Risk (default)

low

17/100

CVSS Score

4.3 MEDIUM

v3.1 (cve.org)

EPSS Score

0.16% LOW

0% probability +0.01%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

03 Dec 2020, 00:00

Published

Vulnerability first disclosed

29 Oct 2024, 13:52

Last Modified

Vulnerability information updated

Description

A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.

CVSS Metrics

v3.1•MEDIUM•Score: 4.3CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
v2.0•MEDIUM•Score: 4AV:N/AC:L/Au:S/C:P/I:N/A:N

EPSS Trends

Current EPSS score: 0.16%• Percentile: 36%

Techniques & Countermeasures

CWE-269•Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.
CWE-266•Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Affected Systems

redhat•enterprise_linux
7.0 | 8.0
redhat•storage
3.0
samba•samba
≥ 3.6.0, < 4.11.15 | ≥ 4.12.0, < 4.12.9 | ≥ 4.13.0, < 4.13.1