Vulnerability in Gluster Glusterfs
CVE-2018-10928
A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks p…
EPSS: 0.027 (84.0th percentile)
CVSS v3 metric
CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
Affected products
- Gluster Glusterfs
- Debian Debian_linux — versions 8.0, 9.0
- Opensuse Leap — versions 15.1
- Red Hat Glusterfs — versions n/a
- Redhat Enterprise_linux — versions 6.0, 7.0
- Redhat Enterprise_linux_server — versions 6.0, 7.0
- Redhat Gluster_storage — versions 3.0
- Redhat Virtualization_host — versions 4.0
Weakness classification (CWE)
Frequently asked questions
- What is CVE-2018-10928?
- CVE-2018-10928 is a high-severity vulnerability in Gluster Glusterfs, classified under Improper Link Resolution Before File Access. CVSS score: 8.8/10. Published 2018-09-04.
- How severe is CVE-2018-10928?
- High severity. CVSS v3 base score is 8.8 out of 10.