CVE-2020-14318

A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.

Weakness

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

Affected Software

Name	Vendor	Start Version	End Version
Samba	Samba	3.6.0 (including)	4.11.15 (excluding)
Samba	Samba	4.12.0 (including)	4.12.9 (excluding)
Samba	Samba	4.13.0 (including)	4.13.1 (excluding)
Red Hat Enterprise Linux 7	RedHat	samba-0:4.10.16-9.el7_9	*
Red Hat Enterprise Linux 8	RedHat	openchange-0:2.3-27.el8	*
Red Hat Enterprise Linux 8	RedHat	samba-0:4.13.3-3.el8	*
Red Hat Enterprise Linux 8	RedHat	openchange-0:2.3-27.el8	*
Red Hat Enterprise Linux 8	RedHat	samba-0:4.13.3-3.el8	*
Red Hat Gluster Storage 3.5 for RHEL 7	RedHat	samba-0:4.11.6-112.el7rhgs	*
Red Hat Gluster Storage 3.5 for RHEL 8	RedHat	samba-0:4.13.7-101.el8rhgs	*
Samba	Ubuntu	bionic	*
Samba	Ubuntu	devel	*
Samba	Ubuntu	esm-infra-legacy/trusty	*
Samba	Ubuntu	esm-infra/bionic	*
Samba	Ubuntu	esm-infra/focal	*
Samba	Ubuntu	esm-infra/xenial	*
Samba	Ubuntu	focal	*
Samba	Ubuntu	groovy	*
Samba	Ubuntu	hirsute	*
Samba	Ubuntu	precise/esm	*
Samba	Ubuntu	trusty	*
Samba	Ubuntu	trusty/esm	*
Samba	Ubuntu	upstream	*
Samba	Ubuntu	xenial	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2020-14318
CWE	https://cwe.mitre.org/data/definitions/266.html

Incorrect Privilege Assignment

Weakness

Affected Software

Potential Mitigations

References