{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2020-14318", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-10-29T13:52:19.151Z", "dateReserved": "2020-06-17T00:00:00", "datePublished": "2020-12-03T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-04-22T16:05:59.418913"}, "descriptions": [{"lang": "en", "value": "A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker."}], "affected": [{"vendor": "n/a", "product": "samba", "versions": [{"version": "samba 4.11.15, samba 4.12.9, samba 4.13.1", "status": "affected"}]}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892631"}, {"url": "https://www.samba.org/samba/security/CVE-2020-14318.html"}, {"name": "GLSA-202012-24", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202012-24"}, {"name": "[debian-lts-announce] 20240422 [SECURITY] [DLA 3792-1] samba security update", "tags": ["mailing-list"], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-266", "cweId": "CWE-266"}]}]}, "adp": [{"affected": [{"vendor": "redhat", "product": "storage", "cpes": ["cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.0", "status": "affected"}]}, {"vendor": "redhat", "product": "enterprise_linux", "cpes": ["cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "-", "status": "affected"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-04-23T14:56:23.506771Z", "id": "CVE-2020-14318", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-29T13:52:19.151Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:39:36.239Z"}, "title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892631", "tags": ["x_transferred"]}, {"url": "https://www.samba.org/samba/security/CVE-2020-14318.html", "tags": ["x_transferred"]}, {"name": "GLSA-202012-24", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202012-24"}, {"name": "[debian-lts-announce] 20240422 [SECURITY] [DLA 3792-1] samba security update", "tags": ["mailing-list", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892631", "tags": ["x_transferred"]}, {"url": "https://www.samba.org/samba/security/CVE-2020-14318.html", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202012-24", "name": "GLSA-202012-24", "tags": ["vendor-advisory", "x_transferred"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html", "name": "[debian-lts-announce] 20240422 [SECURITY] [DLA 3792-1] samba security update", "tags": ["mailing-list", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T12:39:36.239Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2020-14318", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-04-23T14:56:23.506771Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*"], "vendor": "redhat", "product": "storage", "versions": [{"status": "affected", "version": "3.0"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*"], "vendor": "redhat", "product": "enterprise_linux", "versions": [{"status": "affected", "version": "-"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-04-22T20:26:29.754Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "samba", "versions": [{"status": "affected", "version": "samba 4.11.15, samba 4.12.9, samba 4.13.1"}]}], "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892631"}, {"url": "https://www.samba.org/samba/security/CVE-2020-14318.html"}, {"url": "https://security.gentoo.org/glsa/202012-24", "name": "GLSA-202012-24", "tags": ["vendor-advisory"]}, {"url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html", "name": "[debian-lts-announce] 20240422 [SECURITY] [DLA 3792-1] samba security update", "tags": ["mailing-list"]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-266", "description": "CWE-266"}]}], "providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2024-04-22T16:05:59.418913"}}}, "cveMetadata": {"cveId": "CVE-2020-14318", "state": "PUBLISHED", "dateUpdated": "2024-10-29T13:52:19.151Z", "dateReserved": "2020-06-17T00:00:00", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "datePublished": "2020-12-03T00:00:00", "assignerShortName": "redhat"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "8D272EF5-4625-4849-AD2C-3A586743FCEF", "versionEndExcluding": "4.11.15", "versionStartIncluding": "3.6.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "163B1F95-F904-4C26-8E77-DEC708753D78", "versionEndExcluding": "4.12.9", "versionStartIncluding": "4.12.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*", "matchCriteriaId": "240B16EE-E139-40D2-BCB5-2A635031EC19", "versionEndExcluding": "4.13.1", "versionStartIncluding": "4.13.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "379A5883-F6DF-41F5-9403-8D17F6605737", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker."}, {"lang": "es", "value": "Se encontr\u00f3 un fallo en la manera en que samba manejaba los permisos de archivos y directorios. Un usuario autenticado podr\u00eda usar este fallo para conseguir acceso a determinada informaci\u00f3n de archivos y directorios que de otra manera no estar\u00eda disponible para el atacante"}], "id": "CVE-2020-14318", "lastModified": "2024-11-21T05:02:59.823", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2020-12-03T16:15:12.077", "references": [{"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892631"}, {"source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202012-24"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "https://www.samba.org/samba/security/CVE-2020-14318.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892631"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202012-24"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.samba.org/samba/security/CVE-2020-14318.html"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-266"}], "source": "secalert@redhat.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank the Samba project for reporting this issue. Upstream acknowledges Steven French (Microsoft and the Samba Team) as the original reporter.", "affected_release": [{"advisory": "RHSA-2020:5439", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "samba-0:4.10.16-9.el7_9", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2020-12-15T00:00:00Z"}, {"advisory": "RHSA-2021:1647", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "openchange-0:2.3-27.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-05-18T00:00:00Z"}, {"advisory": "RHSA-2021:1647", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "samba-0:4.13.3-3.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-05-18T00:00:00Z"}, {"advisory": "RHSA-2021:1647", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "openchange-0:2.3-27.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-05-18T00:00:00Z"}, {"advisory": "RHSA-2021:1647", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "samba-0:4.13.3-3.el8", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-05-18T00:00:00Z"}, {"advisory": "RHSA-2021:3723", "cpe": "cpe:/a:redhat:storage:3.5:samba:el7", "package": "samba-0:4.11.6-112.el7rhgs", "product_name": "Red Hat Gluster Storage 3.5 for RHEL 7", "release_date": "2021-10-05T00:00:00Z"}, {"advisory": "RHBA-2021:1503", "cpe": "cpe:/a:redhat:storage:3.5:samba:el8", "package": "samba-0:4.13.7-101.el8rhgs", "product_name": "Red Hat Gluster Storage 3.5 for RHEL 8", "release_date": "2021-05-05T00:00:00Z"}], "bugzilla": {"description": "samba: Missing handle permissions check in SMB1/2/3 ChangeNotify", "id": "1892631", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1892631"}, "csaw": false, "cvss3": {"cvss3_base_score": "4.3", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "status": "verified"}, "cwe": "CWE-266", "details": ["A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.", "A flaw was found in the way Samba handled file and directory permissions. This flaw allows an authenticated user to gain access to certain file and directory information, which otherwise would be unavailable. The highest threat from this vulnerability is to confidentiality."], "mitigation": {"lang": "en:us", "value": "As Samba internally opens an underlying file system handle on a directory when a client requests an open, even for FILE_READ_ATTRIBUTES then if the underlying file system permissions don't allow \"r\" (read) access for the connected user, then the handle open request will be denied.\n\"r\" access is the normal permission needed to list or otherwise reveal the contents of a directory, so if a connected user has \"r\" access then they will be able to list the directory contents normally, and the information received by a ChangeNofity request is already available to the user.\nThe security issue occurs if the Administrator or directory owner had set more restrictive Windows ACL permissions on the directory to disallow read access to the user, and this permissions change was not reflected in the underlying file system permissions.\nThis will only occur if Samba is configured with VFS modules to decouple the underlying file system permissions from the Windows ACLs, by setting up a share with the settings:\n[vulnerable_share]\nvfs_objects = vfs_acl_xattr\nacl_xattr:ignore system acls = yes"}, "name": "CVE-2020-14318", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "samba", "product_name": "Red Hat Enterprise Linux 6"}], "public_date": "2020-10-29T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-14318\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-14318\nhttps://www.samba.org/samba/security/CVE-2020-14318.html"], "threat_severity": "Moderate"}