CVE-2018-14628
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
17/01/2023
Last modified:
22/01/2025
Description
An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.
Impact
Base Score 3.x
4.30
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* | 4.0.0 (including) | 4.18.9 (excluding) |
| cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:* | 4.19.0 (including) | 4.19.3 (excluding) |
| cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.openwall.com/lists/oss-security/2023/11/28/4
- https://bugzilla.redhat.com/show_bug.cgi?id=1625445
- https://bugzilla.samba.org/show_bug.cgi?id=13595
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DK57HQRTCDOZDIIICYWQ4Z5IQXTWVVW/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVMYEP5KJRL3FWSCZW2MQZ26IVPXY62/
- http://www.openwall.com/lists/oss-security/2023/11/28/4
- https://bugzilla.redhat.com/show_bug.cgi?id=1625445
- https://bugzilla.samba.org/show_bug.cgi?id=13595
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DK57HQRTCDOZDIIICYWQ4Z5IQXTWVVW/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVMYEP5KJRL3FWSCZW2MQZ26IVPXY62/
- https://security.netapp.com/advisory/ntap-20230223-0008/