{"api_version":"1","generated_at":"2026-04-23T09:38:13+00:00","cve":"CVE-2018-14628","urls":{"html":"https://cve.report/CVE-2018-14628","api":"https://cve.report/api/cve/CVE-2018-14628.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-14628","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-14628"},"summary":{"title":"CVE-2018-14628","description":"An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.","state":"PUBLIC","assigner":"secalert@redhat.com","published_at":"2023-01-17 18:15:00","updated_at":"2023-12-04 03:15:00"},"problem_types":["CWE-862"],"metrics":[],"references":[{"url":"https://bugzilla.samba.org/show_bug.cgi?id=13595","name":"https://bugzilla.samba.org/show_bug.cgi?id=13595","refsource":"MISC","tags":[],"title":"13595 – [SECURITY] Deleted Object tombstones visible in AD LDAP to normal users","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"http://www.openwall.com/lists/oss-security/2023/11/28/4","name":"http://www.openwall.com/lists/oss-security/2023/11/28/4","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"404"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1625445","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1625445","refsource":"MISC","tags":[],"title":"1625445 – (CVE-2018-14628) CVE-2018-14628 samba: Unprivileged read of deleted object tombstones in AD LDAP server","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVMYEP5KJRL3FWSCZW2MQZ26IVPXY62/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ACVMYEP5KJRL3FWSCZW2MQZ26IVPXY62/","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DK57HQRTCDOZDIIICYWQ4Z5IQXTWVVW/","name":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6DK57HQRTCDOZDIIICYWQ4Z5IQXTWVVW/","refsource":"","tags":[],"title":"","mime":"","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-14628","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-14628","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"14628","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"37","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2018","cve_id":"14628","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"samba","cpe5":"samba","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2018-14628","qid":"284787","title":"Fedora Security Update for samba (FEDORA-2023-9adeb354af)"},{"cve":"CVE-2018-14628","qid":"285119","title":"Fedora Security Update for samba (FEDORA-2023-4e69bf4c59)"},{"cve":"CVE-2018-14628","qid":"355410","title":"Amazon Linux Security Advisory for samba : ALAS2023-2023-190"},{"cve":"CVE-2018-14628","qid":"355418","title":"Amazon Linux Security Advisory for samba : ALAS2023-2023-206"},{"cve":"CVE-2018-14628","qid":"674141","title":"EulerOS Security Update for samba (EulerOS-SA-2024-1496)"},{"cve":"CVE-2018-14628","qid":"674142","title":"EulerOS Security Update for samba (EulerOS-SA-2024-1517)"},{"cve":"CVE-2018-14628","qid":"710873","title":"Gentoo Linux Samba Multiple Vulnerabilities (GLSA 202402-28)"},{"cve":"CVE-2018-14628","qid":"905302","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for samba (13064)"}]},"source_records":{"cve_program":{"data_version":"4.0","data_type":"CVE","data_format":"MITRE","CVE_data_meta":{"ID":"CVE-2018-14628","ASSIGNER":"secalert@redhat.com","STATE":"PUBLIC"},"description":{"description_data":[{"lang":"eng","value":"An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"CWE-862","cweId":"CWE-862"}]}]},"affects":{"vendor":{"vendor_data":[{"vendor_name":"n/a","product":{"product_data":[{"product_name":"Samba","version":{"version_data":[{"version_affected":"=","version_value":"All versions from 4.0.0 onwards"}]}}]}}]}},"references":{"reference_data":[{"url":"https://bugzilla.samba.org/show_bug.cgi?id=13595","refsource":"MISC","name":"https://bugzilla.samba.org/show_bug.cgi?id=13595"},{"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1625445","refsource":"MISC","name":"https://bugzilla.redhat.com/show_bug.cgi?id=1625445"}]}},"nvd":{"publishedDate":"2023-01-17 18:15:00","lastModifiedDate":"2023-12-04 03:15:00","problem_types":["CWE-862"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":4.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":2.8,"impactScore":1.4}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:samba:samba:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"14628","Ordinal":"131336","Title":"CVE-2018-14628","CVE":"CVE-2018-14628","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"14628","Ordinal":"1","NoteData":"** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem.  When the candidate has been publicized, the details for this candidate will be provided.","Type":"Description","Title":null}]}}}