Vulnerability details: VCID-hetg-8wp9-aaak
Vulnerability ID VCID-hetg-8wp9-aaak
Aliases CVE-2020-25720
Summary A vulnerability was found in Samba where a delegated administrator with permission to create objects in Active Directory can write to all attributes of the newly created object, including security-sensitive attributes, even after the object's creation. This issue occurs because the administrator owns the object due to the lack of an Access Control List (ACL) at the time of creation and later being recognized as the 'creator owner.' The retained significant rights of the delegated administrator may not be well understood, potentially leading to unintended privilege escalation or security risks.
Status Published
Exploitability 0.5
Weighted Severity 6.8
Risk 3.4
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25720.json
cvssv3.1 7.5 https://access.redhat.com/security/cve/CVE-2020-25720
ssvc Track https://access.redhat.com/security/cve/CVE-2020-25720
epss 0.00050 https://api.first.org/data/v1/epss?cve=CVE-2020-25720
epss 0.00138 https://api.first.org/data/v1/epss?cve=CVE-2020-25720
epss 0.00155 https://api.first.org/data/v1/epss?cve=CVE-2020-25720
epss 0.00174 https://api.first.org/data/v1/epss?cve=CVE-2020-25720
epss 0.00228 https://api.first.org/data/v1/epss?cve=CVE-2020-25720
cvssv3.1 7.5 https://bugzilla.redhat.com/show_bug.cgi?id=2305954
ssvc Track https://bugzilla.redhat.com/show_bug.cgi?id=2305954
cvssv3.1 7.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-25720
cvssv3.1 7.5 https://nvd.nist.gov/vuln/detail/CVE-2020-25720
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25720.json
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/security/cve/CVE-2020-25720
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-17T16:18:39Z/ Found at https://access.redhat.com/security/cve/CVE-2020-25720
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://bugzilla.redhat.com/show_bug.cgi?id=2305954
Vector: SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-17T16:18:39Z/ Found at https://bugzilla.redhat.com/show_bug.cgi?id=2305954
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2020-25720
Exploit Prediction Scoring System (EPSS)
Percentile 0.20612
EPSS Score 0.00050
Published At Nov. 18, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.