DEBIAN-CVE-2019-14902

Advisory lineage Upstream: 1 Downstream: 2

Upstream

CVE-2019-14902

Downstream

DLA-2668-1 DLA-3563-1

Published: 21 Jan 2020, 18:15

Last modified:28 Apr 2026, 20:20

Vulnerability Summary

Overall Risk (default)

low

22/100

CVSS Score

5.4 MEDIUM

3.1 (osv_debian)

EPSS Score

No data

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

21 Jan 2020, 18:15

Published

Vulnerability first disclosed

28 Apr 2026, 20:20

Last Modified

Vulnerability information updated

Description

There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers.

CVSS Metrics

v3.1•MEDIUM•Score: 5.4CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected Systems

debian•samba
< 2:4.11.5+dfsg-1 | < 2:4.11.5+dfsg-1 | < 2:4.11.5+dfsg-1 | < 2:4.11.5+dfsg-1

References (1)

https://security-tracker.debian.org/tracker/CVE-2019-14902