Описание
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.
Ссылки
- Third Party Advisory
- Third Party Advisory
- Issue TrackingPatchThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- Third Party Advisory
- Issue TrackingPatchThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Одно из
Одно из
EPSS
8.8 High
CVSS3
6.5 Medium
CVSS2
Дефекты
Связанные уязвимости
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018 ...
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.
Уязвимость файловой системы GlusterFS, связанная с некорректным определением ссылки перед доступом к файлу, позволяющая нарушителю выполнить произвольный код или вызвать отказ в обслуживании
EPSS
8.8 High
CVSS3
6.5 Medium
CVSS2