The fix in 4.6.16, 4.7.9, 4.8.4 and 4.9.7 for CVE-2018-10919 Confidential attribute disclosure vi LDAP filters was insufficient and an attacker may be able to obtain confidential BitLocker recovery keys from a Samba AD DC.
[
{
"vendor": "n/a",
"product": "Samba",
"versions": [
{
"version": "samba 4.18.1, samba 4.17.7, samba 4.16.10",
"status": "affected"
}
]
}
]