Description
An information leak vulnerability was discovered in Samba's LDAP server. Due to missing access control checks, an authenticated but unprivileged attacker could discover the names and preserved attributes of deleted objects in the LDAP store.
CVSS Metrics
- Vector
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
- Attack Vector
- network
- Complexity
- low
- Privileges
- low
- User Action
- none
- Scope
- unchanged
- Confidentiality
- low
- Integrity
- none
- Availability
- none
- Weaknesses
- CWE-862
Metadata
- Primary Vendor
- SAMBA
- Published
- 1/17/2023
- Last Modified
- 1/22/2025
- Source
- NIST NVD
- Note: Verify all details with official vendor sources before applying patches.
Affected Products
samba : sambasamba : sambafedoraproject : fedora
AI-Powered Remediation
Generate remediation guidance or a C-suite brief for this vulnerability.