Unintended Privilege Escalation through Delegated Administrator Rights
CVE-2020-25720
Key Information:
- Vendor
- CVE Published: 17 November 2024
What is CVE-2020-25720?
A vulnerability exists in Samba where a delegated administrator who has been granted permission to create objects in Active Directory retains the ability to modify all attributes of those objects, including security-sensitive ones, even after the objects have been created. This happens because no Access Control List (ACL) is in place at the time the object is created, so the administrator is designated the object's 'creator owner.' As a result, the delegated administrator may hold significant rights that can lead to unintended privilege escalation and other security risks. Organizations using Samba in their Active Directory environments should assess their configurations and secure their access control settings.
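One way to start the assessment recommended above, as an added example that is not taken from the advisory or from Samba: since the retained rights follow from ownership, the script reads security descriptors in SDDL form and reports objects whose owner is not an expected administrative principal. The trusted-owner lists are an assumed policy, and the DNs, SIDs and descriptors in the sample are constructed.

```python
import re

# Assumption: owners this domain expects on directory objects.
TRUSTED_ALIASES = {"DA", "EA", "BA", "SY"}          # SDDL aliases
TRUSTED_SIDS = {"S-1-5-32-544", "S-1-5-18"}         # Administrators, SYSTEM
TRUSTED_DOMAIN_RIDS = {"512", "519"}                # Domain / Enterprise Admins

# "O:" then a two-letter alias or a full SID, up to the next SDDL component.
_OWNER_RE = re.compile(r"^O:(S-1-[0-9-]+|[A-Z]{2})(?=G:|D:|S:|$)")


def owner_of(sddl):
    """Return the owner alias or SID from an SDDL string, or None if absent."""
    m = _OWNER_RE.match(sddl.strip())
    return m.group(1) if m else None


def is_trusted(owner, extra_sids=()):
    if owner in TRUSTED_ALIASES or owner in TRUSTED_SIDS or owner in extra_sids:
        return True
    # Domain-relative groups exported as full SIDs rather than aliases.
    return (owner.startswith("S-1-5-21-")
            and owner.rsplit("-", 1)[1] in TRUSTED_DOMAIN_RIDS)


def unexpected_owners(records, extra_sids=()):
    """Return (dn, owner) pairs for objects whose owner needs review."""
    findings = []
    for dn, sddl in records:
        owner = owner_of(sddl)
        if owner is None:
            findings.append((dn, "<no owner in descriptor>"))
        elif not is_trusted(owner, extra_sids):
            findings.append((dn, owner))
    return findings


# Constructed sample data: DNs, SIDs and descriptors are made up.
DELEGATE = "S-1-5-21-1111111111-2222222222-3333333333-1104"
SAMPLE = [
    ("CN=srv01,OU=Servers,DC=example,DC=test", "O:DAG:DAD:AI(A;;RPLCLORC;;;AU)"),
    ("CN=srv02,OU=Servers,DC=example,DC=test",
     "O:S-1-5-21-1111111111-2222222222-3333333333-512G:DUD:AI(A;;RPLCLORC;;;AU)"),
    ("CN=ws17,OU=Branch,DC=example,DC=test", f"O:{DELEGATE}G:DUD:AI(A;;RPLCLORC;;;AU)"),
    ("CN=ws18,OU=Branch,DC=example,DC=test", "D:AI(A;;RPLCLORC;;;AU)"),
]

if __name__ == "__main__":
    for dn, owner in unexpected_owners(SAMPLE):
        print(f"review owner of {dn}: {owner}")
```

Objects it reports are candidates for an ownership change or an explicit ACL review; an owner that is intentionally a delegate can be passed in through `extra_sids`.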

