{"api_version":"1","generated_at":"2026-04-23T04:10:34+00:00","cve":"CVE-2020-14318","urls":{"html":"https://cve.report/CVE-2020-14318","api":"https://cve.report/api/cve/CVE-2020-14318.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2020-14318","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2020-14318"},"summary":{"title":"CVE-2020-14318","description":"A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2020-12-03 16:15:00","updated_at":"2022-01-01 18:12:00"},"problem_types":["CWE-266"],"metrics":[],"references":[{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1892631","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1892631","refsource":"MISC","tags":["Issue Tracking","Patch","Third Party Advisory"],"title":"1892631 – (CVE-2020-14318) CVE-2020-14318 samba: Missing handle permissions check in SMB1/2/3 ChangeNotify","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://security.gentoo.org/glsa/202012-24","name":"GLSA-202012-24","refsource":"GENTOO","tags":[],"title":"Samba: Multiple vulnerabilities (GLSA 202012-24) — Gentoo security","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.samba.org/samba/security/CVE-2020-14318.html","name":"https://www.samba.org/samba/security/CVE-2020-14318.html","refsource":"MISC","tags":["Vendor Advisory"],"title":"Samba - Security Announcement Archive","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2020-14318","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-14318","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2020","cve_id":"14318","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14318","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14318","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"7.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14318","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"redhat","cpe5":"enterprise_linux","cpe6":"8.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14318","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"storage","cpe6":"3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14318","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"redhat","cpe5":"storage","cpe6":"3.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14318","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"samba","cpe5":"samba","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2020","cve_id":"14318","vulnerable":"1","versionEndIncluding":"1","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"samba","cpe5":"samba","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2020-14318","qid":"159201","title":"Oracle Enterprise Linux Security Update for samba (ELSA-2021-1647)"},{"cve":"CVE-2020-14318","qid":"239322","title":"Red Hat Update for samba (RHSA-2021:1647)"},{"cve":"CVE-2020-14318","qid":"239759","title":"Red Hat Update for samba security (RHSA-2021:3723)"},{"cve":"CVE-2020-14318","qid":"352379","title":"Amazon Linux Security Advisory for samba: ALAS2-2021-1649"},{"cve":"CVE-2020-14318","qid":"377403","title":"Alibaba Cloud Linux Security Update for samba (ALINUX3-SA-2021:0077)"},{"cve":"CVE-2020-14318","qid":"377458","title":"Alibaba Cloud Linux Security Update for samba (ALINUX2-SA-2020:0196)"},{"cve":"CVE-2020-14318","qid":"500630","title":"Alpine Linux Security Update for samba"},{"cve":"CVE-2020-14318","qid":"504390","title":"Alpine Linux Security Update for samba"},{"cve":"CVE-2020-14318","qid":"670878","title":"EulerOS Security Update for samba (EulerOS-SA-2021-1118)"},{"cve":"CVE-2020-14318","qid":"690368","title":"Free Berkeley Software Distribution (FreeBSD) Security Update for samba (9ca85b7c-1b31-11eb-8762-005056a311d1)"},{"cve":"CVE-2020-14318","qid":"750610","title":"OpenSUSE Security Update for samba (openSUSE-SU-2020:1819-1)"},{"cve":"CVE-2020-14318","qid":"750611","title":"OpenSUSE Security Update for samba (openSUSE-SU-2020:1811-1)"},{"cve":"CVE-2020-14318","qid":"901167","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for samba (7347)"},{"cve":"CVE-2020-14318","qid":"940102","title":"AlmaLinux Security Update for samba (ALSA-2021:1647)"},{"cve":"CVE-2020-14318","qid":"960808","title":"Rocky Linux Security Update for samba (RLSA-2021:1647)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2020-14318","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"samba","version":{"version_data":[{"version_value":"samba 4.11.15, samba 4.12.9, samba 4.13.1"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-266"}]}]},"references":{"reference_data":[{"refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1892631","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1892631"},{"refsource":"MISC","name":"https://www.samba.org/samba/security/CVE-2020-14318.html","url":"https://www.samba.org/samba/security/CVE-2020-14318.html"},{"refsource":"GENTOO","name":"GLSA-202012-24","url":"https://security.gentoo.org/glsa/202012-24"}]},"description":{"description_data":[{"lang":"eng","value":"A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker."}]}},"nvd":{"publishedDate":"2020-12-03 16:15:00","lastModifiedDate":"2022-01-01 18:12:00","problem_types":["CWE-266"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4},"severity":"MEDIUM","exploitabilityScore":8,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*","versionStartIncluding":"4.12.0","versionEndExcluding":"4.12.9","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*","versionStartIncluding":"4.13.0","versionEndExcluding":"4.13.1","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*","versionStartIncluding":"3.6.0","versionEndExcluding":"4.11.15","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:redhat:storage:3.0:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2020","CveId":"14318","Ordinal":"175548","Title":"CVE-2020-14318","CVE":"CVE-2020-14318","Year":"2020"},"notes":[{"CveYear":"2020","CveId":"14318","Ordinal":"1","NoteData":"A flaw was found in the way samba handled file and directory permissions. An authenticated user could use this flaw to gain access to certain file and directory information which otherwise would be unavailable to the attacker.","Type":"Description","Title":null},{"CveYear":"2020","CveId":"14318","Ordinal":"2","NoteData":"2020-12-03","Type":"Other","Title":"Published"},{"CveYear":"2020","CveId":"14318","Ordinal":"3","NoteData":"2020-12-24","Type":"Other","Title":"Modified"}]}}}