{ "data_type": "CVE", "data_format": "MITRE", "data_version": "4.0", "CVE_data_meta": { "ID": "CVE-2019-14902", "ASSIGNER": "secalert@redhat.com", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "vendor_name": "[UNKNOWN]", "product": { "product_data": [ { "product_name": "samba", "version": { "version_data": [ { "version_value": "all samba 4.11.x versions before 4.11.5" }, { "version_value": "all samba 4.10.x versions before 4.10.12" }, { "version_value": "all samba 4.9.x versions before 4.9.18" } ] } } ] } } ] } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-284" } ] } ] }, "references": { "reference_data": [ { "url": "https://www.samba.org/samba/security/CVE-2019-14902.html", "refsource": "MISC", "name": "https://www.samba.org/samba/security/CVE-2019-14902.html" }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14902", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14902", "refsource": "CONFIRM" }, { "refsource": "CONFIRM", "name": "https://security.netapp.com/advisory/ntap-20200122-0001/", "url": "https://security.netapp.com/advisory/ntap-20200122-0001/" }, { "refsource": "CONFIRM", "name": "https://www.synology.com/security/advisory/Synology_SA_20_01", "url": "https://www.synology.com/security/advisory/Synology_SA_20_01" }, { "refsource": "UBUNTU", "name": "USN-4244-1", "url": "https://usn.ubuntu.com/4244-1/" }, { "refsource": "SUSE", "name": "openSUSE-SU-2020:0122", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00055.html" }, { "refsource": "FEDORA", "name": "FEDORA-2020-6bd386c7eb", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GQ6U65I2K23YJC4FESW477WL55TU3PPT/" }, { "refsource": "FEDORA", "name": "FEDORA-2020-f92cd0e72b", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4ACZVNMIFQGGXNJPMHAVBN3H2U65FXQY/" }, { "refsource": "GENTOO", "name": "GLSA-202003-52", "url": "https://security.gentoo.org/glsa/202003-52" }, { "refsource": "MLIST", "name": "[debian-lts-announce] 20210529 [SECURITY] [DLA 2668-1] samba security update", "url": "https://lists.debian.org/debian-lts-announce/2021/05/msg00023.html" }, { "refsource": "MLIST", "name": "[debian-lts-announce] 20230914 [SECURITY] [DLA 3563-1] samba security update", "url": "https://lists.debian.org/debian-lts-announce/2023/09/msg00013.html" } ] }, "description": { "description_data": [ { "lang": "eng", "value": "There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers." } ] }, "impact": { "cvss": [ [ { "vectorString": "5.4/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.0" } ] ] } }