CVE-2020-14318

medium
New! CVE Severity Now Using CVSS v3

The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Description

A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1892631

https://security.gentoo.org/glsa/202012-24

https://www.samba.org/samba/security/CVE-2020-14318.html

Details

Source: MITRE

Published: 2020-12-03

Updated: 2020-12-24

Type: CWE-269

Risk Information

CVSS v2

Base Score: 4

Vector: AV:N/AC:L/Au:S/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8

Severity: MEDIUM

CVSS v3

Base Score: 4.3

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Impact Score: 1.4

Exploitability Score: 2.8

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Tenable Plugins

View all (39 total)

IDNameProductFamilySeverity
151396EulerOS Virtualization 3.0.2.2 : samba (EulerOS-SA-2021-2168)NessusHuawei Local Security Checks
critical
150674SUSE SLES11 Security Update : samba (SUSE-SU-2020:14525-1)NessusSuSE Local Security Checks
medium
149965Oracle Linux 8 : samba (ELSA-2021-1647)NessusOracle Linux Local Security Checks
critical
149752CentOS 8 : samba (CESA-2021:1647)NessusCentOS Local Security Checks
critical
149679RHEL 8 : samba (RHSA-2021:1647)NessusRed Hat Local Security Checks
critical
147666EulerOS Virtualization 2.9.0 : samba (EulerOS-SA-2021-1635)NessusHuawei Local Security Checks
critical
147497EulerOS Virtualization 2.9.1 : samba (EulerOS-SA-2021-1625)NessusHuawei Local Security Checks
critical
147458EulerOS Virtualization 3.0.2.6 : samba (EulerOS-SA-2021-1423)NessusHuawei Local Security Checks
medium
147360NewStart CGSL CORE 5.04 / MAIN 5.04 : samba Multiple Vulnerabilities (NS-SA-2021-0024)NessusNewStart CGSL Local Security Checks
critical
147061EulerOS Virtualization 3.0.6.6 : samba (EulerOS-SA-2021-1517)NessusHuawei Local Security Checks
critical
147047EulerOS Virtualization for ARM 64 3.0.6.0 : samba (EulerOS-SA-2021-1533)NessusHuawei Local Security Checks
critical
146748EulerOS 2.0 SP2 : samba (EulerOS-SA-2021-1357)NessusHuawei Local Security Checks
high
146109EulerOS 2.0 SP5 : samba (EulerOS-SA-2021-1229)NessusHuawei Local Security Checks
medium
145189EulerOS 2.0 SP3 : samba (EulerOS-SA-2021-1118)NessusHuawei Local Security Checks
critical
144992Amazon Linux AMI : samba (ALAS-2021-1469)NessusAmazon Linux Local Security Checks
critical
144973CentOS 7 : samba (CESA-2020:5439)NessusCentOS Local Security Checks
critical
144800Amazon Linux 2 : ctdb (ALAS-2021-1585)NessusAmazon Linux Local Security Checks
critical
144739EulerOS Virtualization for ARM 64 3.0.2.0 : samba (EulerOS-SA-2021-1050)NessusHuawei Local Security Checks
critical
144607GLSA-202012-24 : Samba: Multiple vulnerabilitiesNessusGentoo Local Security Checks
critical
144423RHEL 7 : samba (RHSA-2020:5439)NessusRed Hat Local Security Checks
critical
144332Oracle Linux 7 : samba (ELSA-2020-5439)NessusOracle Linux Local Security Checks
critical
144296Scientific Linux Security Update : samba on SL7.x i686/x86_64 (2020:5439)NessusScientific Linux Local Security Checks
critical
144176EulerOS 2.0 SP8 : samba (EulerOS-SA-2020-2533)NessusHuawei Local Security Checks
medium
143848SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2020:3081-1)NessusSuSE Local Security Checks
medium
143847SUSE SLES12 Security Update : samba (SUSE-SU-2020:3082-1)NessusSuSE Local Security Checks
medium
143822SUSE SLES15 Security Update : samba (SUSE-SU-2020:3087-1)NessusSuSE Local Security Checks
medium
143797SUSE SLED15 / SLES15 Security Update : samba (SUSE-SU-2020:3092-1)NessusSuSE Local Security Checks
medium
143766SUSE SLES12 Security Update : samba (SUSE-SU-2020:3083-1)NessusSuSE Local Security Checks
medium
143684SUSE SLES12 Security Update : samba (SUSE-SU-2020:3093-1)NessusSuSE Local Security Checks
medium
143416EulerOS 2.0 SP9 : samba (EulerOS-SA-2020-2491)NessusHuawei Local Security Checks
medium
143414EulerOS 2.0 SP9 : samba (EulerOS-SA-2020-2504)NessusHuawei Local Security Checks
medium
143186Debian DLA-2463-1 : samba security updateNessusDebian Local Security Checks
critical
142668Fedora 32 : 2:samba (2020-2e1a1489be)NessusFedora Local Security Checks
medium
142540openSUSE Security Update : samba (openSUSE-2020-1811)NessusSuSE Local Security Checks
medium
142419Samba 3.6.x < 4.11.15 / 4.12.x < 4.12.9 / 4.13.x < 4.13.1 Multiple VulnerabilitiesNessusMisc.
medium
142351Fedora 33 : 2:samba (2020-c1e9ae02d2)NessusFedora Local Security Checks
medium
142324openSUSE Security Update : samba (openSUSE-2020-1819)NessusSuSE Local Security Checks
medium
142218Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : Samba vulnerabilities (USN-4611-1)NessusUbuntu Local Security Checks
medium
142151FreeBSD : samba -- Multiple Vulnerabilities (9ca85b7c-1b31-11eb-8762-005056a311d1)NessusFreeBSD Local Security Checks
medium