Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-0614

The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.

Published

2023-04-03T23:15:06.957

Last Modified

2025-02-13T15:15:12.557

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 6.5 (MEDIUM)

Weaknesses

Type: Secondary
CWE-200
Type: Primary
CWE-312

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	samba	samba	< 4.16.10	Yes
Application	samba	samba	< 4.17.7	Yes
Application	samba	samba	4.18.0	Yes
Application	samba	samba	4.18.0	Yes
Application	samba	samba	4.18.0	Yes
Application	samba	samba	4.18.0	Yes
Application	samba	samba	4.18.0	Yes

References

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXBPYIA4VWNOD437NAHZ3NXKAETLFB5S/ ([email protected])
https://security.gentoo.org/glsa/202309-06 ([email protected])
https://security.netapp.com/advisory/ntap-20230406-0007/ Third Party Advisory ([email protected])
https://www.samba.org/samba/security/CVE-2023-0614.html Vendor Advisory ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXBPYIA4VWNOD437NAHZ3NXKAETLFB5S/ (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202309-06 (af854a3a-2127-422b-91ae-364da2661108)
https://security.netapp.com/advisory/ntap-20230406-0007/ Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://www.samba.org/samba/security/CVE-2023-0614.html Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)