{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2020-14318","assignerOrgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","assignerShortName":"redhat","dateUpdated":"2024-10-29T13:52:19.151Z","dateReserved":"2020-06-17T00:00:00.000Z","datePublished":"2020-12-03T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"53f830b8-0a3f-465b-8143-3b8a9948e749","shortName":"redhat","dateUpdated":"2024-04-22T16:05:59.418Z"},"descriptions":[{"lang":"en","value":"A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker."}],"affected":[{"vendor":"n/a","product":"samba","versions":[{"version":"samba 4.11.15, samba 4.12.9, samba 4.13.1","status":"affected"}]}],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1892631"},{"url":"https://www.samba.org/samba/security/CVE-2020-14318.html"},{"name":"GLSA-202012-24","tags":["vendor-advisory"],"url":"https://security.gentoo.org/glsa/202012-24"},{"name":"[debian-lts-announce] 20240422 [SECURITY] [DLA 3792-1] samba security update","tags":["mailing-list"],"url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html"}],"problemTypes":[{"descriptions":[{"type":"CWE","lang":"en","description":"CWE-266","cweId":"CWE-266"}]}]},"adp":[{"affected":[{"vendor":"redhat","product":"storage","cpes":["cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"3.0","status":"affected"}]},{"vendor":"redhat","product":"enterprise_linux","cpes":["cpe:2.3:o:redhat:enterprise_linux:-:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"-","status":"affected"}]}],"metrics":[{"cvssV3_1":{"scope":"UNCHANGED","version":"3.1","baseScore":4.3,"attackVector":"NETWORK","baseSeverity":"MEDIUM","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","integrityImpact":"NONE","userInteraction":"NONE","attackComplexity":"LOW","availabilityImpact":"NONE","privilegesRequired":"LOW","confidentialityImpact":"LOW"}},{"other":{"type":"ssvc","content":{"timestamp":"2024-04-23T14:56:23.506771Z","id":"CVE-2020-14318","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-10-29T13:52:19.151Z"}},{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-04T12:39:36.239Z"},"title":"CVE Program Container","references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1892631","tags":["x_transferred"]},{"url":"https://www.samba.org/samba/security/CVE-2020-14318.html","tags":["x_transferred"]},{"name":"GLSA-202012-24","tags":["vendor-advisory","x_transferred"],"url":"https://security.gentoo.org/glsa/202012-24"},{"name":"[debian-lts-announce] 20240422 [SECURITY] [DLA 3792-1] samba security update","tags":["mailing-list","x_transferred"],"url":"https://lists.debian.org/debian-lts-announce/2024/04/msg00015.html"}]}]}}