VDB
ALPINE-CVE-2018-10919
ALPINE-CVE-2018-10919
PUBLISHED
CVSS 6.5 MEDIUM
The Samba Active Directory LDAP server was vulnerable to an information disclosure flaw because of missing access control checks. An authenticated attacker could use this flaw to extract confidential attribute values using LDAP search expressions. Samba versions before 4.6.16, 4.7.9 and 4.8.4 are vulnerable.
Risk Scores
CVSS v3.0
6.5
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Alpine:v3.10 | samba | 3.6.2-r0, 3.3.7-r3, 4.8.2-r1 |
| Alpine:v3.22 | samba | 3.5.6-r4, 0, 3.2.10-r0 |
| Alpine:v3.18 | samba | 4.8.2-r0, 4.8.1-r0, 4.8.0-r0 |
| Alpine:v3.7 | samba | 4.6.6-r0, 4.6.6-r0, 4.6.6-r1 |
| Alpine:v3.6 | samba | 3.2.10-r0, 4.4.2-r0, 4.1.11-r0 |
| Alpine:v3.12 | samba | 4.1.0-r2, 3.2.10-r0, 3.2.11-r0 |
| Alpine:v3.20 | samba | 4.1.1-r0, 4.1.0-r1, 3.6.9-r0 |
| Alpine:v3.17 | samba | 3.6.10-r0, 4.8.2-r0, 4.8.1-r0 |
| Alpine:v3.16 | samba | 4.6.5-r0, 4.6.6-r0, 4.6.6-r1 |
| Alpine:v3.8 | samba | 4.1.10-r0, 4.1.0-r1, 3.6.9-r0 |
| Alpine:v3.21 | samba | 0, 4.1.15-r0, 4.1.14-r1 |
| Alpine:v3.9 | samba | 4.1.2-r0, 0, 3.2.10-r0 |
| Alpine:v3.5 | samba | 4.1.0-r1, 4.5.7-r0, 4.5.4-r0 |
| Alpine:v3.14 | samba | 4.6.0-r0, 4.5.3-r0, 4.5.1-r0 |
| Alpine:v3.11 | samba | 3.5.4-r1, 3.3.4-r0, 3.6.4-r1 |
| Alpine:v3.19 | samba | 4.8.2-r1, 3.2.10-r0, 3.2.11-r0 |
| Alpine:v3.15 | samba | 0, 4.8.2-r0, 4.8.1-r0 |
| Alpine:v3.23 | samba | 4.6.0-r0, 4.8.2-r1, 4.8.2-r0 |
| Alpine:v3.13 | samba | 3.6.2-r0, 3.6.3-r0, 3.6.4-r0 |
Timeline
- Aug 22, 2018 CVE Published
- Dec 3, 2025 CVE Updated
- Apr 30, 2026 Distribution Patch