Vulnerability Details : CVE-2018-14628
An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.
Exploit prediction scoring system (EPSS) score for CVE-2018-14628
Probability of exploitation activity in the next 30 days: 0.05%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 15 %
CVSS scores for CVE-2018-14628
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 | nvd@nist.gov |
CWE ids for CVE-2018-14628
- The product does not perform an authorization check when an actor attempts to access a resource or perform an action. Assigned by: secalert@redhat.com (Primary)
References for CVE-2018-14628
- http://www.openwall.com/lists/oss-security/2023/11/28/4
  oss-security - Fwd: Samba 4.19.3 Available for Download - addresses CVE-2018-14628
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVMYEP5KJRL3FWSCZW2MQZ26IVPXY62/
  [SECURITY] Fedora 38 Update: samba-4.18.9-1.fc38 - package-announce - Fedora Mailing-Lists
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DK57HQRTCDOZDIIICYWQ4Z5IQXTWVVW/
  [SECURITY] Fedora 39 Update: samba-4.19.3-1.fc39 - package-announce - Fedora Mailing-Lists
- https://bugzilla.samba.org/show_bug.cgi?id=13595
  Exploit; Issue Tracking; Patch; Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1625445
  1625445 – (CVE-2018-14628) CVE-2018-14628 samba: Unprivileged read of deleted object tombstones in AD LDAP server
  Exploit; Issue Tracking; Patch; Third Party Advisory
Products affected by CVE-2018-14628
- cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*