Vulnerability Details: CVE-2018-14628
An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.
Products affected by CVE-2018-14628
- cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2018-14628
- 0.09%: Probability of exploitation activity in the next 30 days
- ~40%: Percentile, the proportion of vulnerabilities that are scored at or below this score
CVSS scores for CVE-2018-14628
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | 2.8 | 1.4 | NIST | |
CWE ids for CVE-2018-14628
- The product does not perform an authorization check when an actor attempts to access a resource or perform an action. Assigned by: secalert@redhat.com (Primary)
References for CVE-2018-14628
- http://www.openwall.com/lists/oss-security/2023/11/28/4
  oss-security - Fwd: Samba 4.19.3 Available for Download - addresses CVE-2018-14628
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVMYEP5KJRL3FWSCZW2MQZ26IVPXY62/
  [SECURITY] Fedora 38 Update: samba-4.18.9-1.fc38 - package-announce - Fedora Mailing-Lists
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DK57HQRTCDOZDIIICYWQ4Z5IQXTWVVW/
  [SECURITY] Fedora 39 Update: samba-4.19.3-1.fc39 - package-announce - Fedora Mailing-Lists
- https://bugzilla.samba.org/show_bug.cgi?id=13595
  Exploit; Issue Tracking; Patch; Vendor Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1625445
  1625445 – (CVE-2018-14628) CVE-2018-14628 samba: Unprivileged read of deleted object tombstones in AD LDAP server
  Exploit; Issue Tracking; Patch; Third Party Advisory