CVE-2018-10928

Published: 04 Sep 2018
Source: nvd
CVSS3: 8.8
CVSS2: 6.5
EPSS: Low

Description

A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Configuration 2

One of

cpe:2.3:a:gluster:glusterfs:*:*:*:*:*:*:*:*
Version from 3.12 (inclusive) to 3.12.14 (exclusive)
cpe:2.3:a:gluster:glusterfs:*:*:*:*:*:*:*:*
Version from 4.1 (inclusive) to 4.1.8 (exclusive)
Configuration 3

One of

cpe:2.3:a:redhat:gluster_storage:3.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
Configuration 4

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

EPSS

Percentile: 74%
0.00845
Low

8.8 High

CVSS3

6.5 Medium

CVSS2

Weaknesses

CWE-59

Related vulnerabilities

CVSS3: 8.8
ubuntu
more than 7 years ago

A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes.

CVSS3: 8.8
redhat
more than 7 years ago

A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes.

CVSS3: 8.8
debian
more than 7 years ago

A flaw was found in RPC request using gfs3_symlink_req in glusterfs se ...

CVSS3: 8.8
github
more than 3 years ago

A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes.

suse-cvrf
about 6 years ago

Security update for glusterfs
