CVE-2018-14628
4.3
MEDIUM
CVSS 3.1
EPSS 0.50%
Description
An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.
How to fix CVE-2018-14628
To remediate CVE-2018-14628, upgrade the affected package to a fixed version below.
- Alpine/samba—upgrade to 4.18.9-r0 or later
- —no fix listed
Is CVE-2018-14628 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 4.18.9-r0
- from 0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |