CVE-2018-14628

An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.

Published: Jan 17, 2023
Updated: Apr 13, 2023
CVE: CVE-2018-14628
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CWEs:

CWE-862

Affected Software
References

Software	From	Fixed in
fedoraproject / fedora	37	37.x
samba / samba	4.19.0	4.19.3
samba / samba	4.0.0	4.18.9

http://www.openwall.com/lists/oss-security/2023/11/28/4
https://bugzilla.redhat.com/show_bug.cgi?id=1625445
https://bugzilla.samba.org/show_bug.cgi?id=13595
https://lists.fedoraproject.org/archives/list/[email protected]/message/6DK57HQRTCDOZDIIICYWQ4Z5IQXTWVVW/
https://lists.fedoraproject.org/archives/list/[email protected]/message/ACVMYEP5KJRL3FWSCZW2MQZ26IVPXY62/
https://security.netapp.com/advisory/ntap-20230223-0008/

Vulnerability Database

289,599

CVE-2018-14628