Samba 4.11.x versions before 4.11.5 Insufficient Information Vulnerability
A newly delegated right, but more importantly the removal of a delegated right, would not be inherited on any DC other than the one where the change was made.
The information has been provided by Andrew Bartlett
The original article can be found at:https://www.samba.org/samba/security/CVE-2019-14902.html
There is an issue in all samba 4.11.x versions before 4.11.5, all samba 4.10.x versions before 4.10.12 and all samba 4.9.x versions before 4.9.18, where the removal of the right to create or modify a subtree would not automatically be taken away on all domain controllers.
Samba 4.11.x versions before 4.11.5
Samba 4.10.x versions before 4.10.12
Samba 4.9.x versions before 4.9.18