Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2018-14654

Опубликовано: 31 окт. 2018
Источник: nvd
CVSS3: 5.4
CVSS3: 6.5
CVSS2: 8.5
EPSS Низкий

Описание

The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:redhat:gluster_storage:*:*:*:*:*:*:*:*
Версия до 4.1.4 (включая)
Конфигурация 2

Одно из

cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_virtualization:4.0:*:*:*:*:*:*:*
Конфигурация 3

Одновременно

Одно из

cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Конфигурация 4
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Процентиль: 83%
0.02023
Низкий

5.4 Medium

CVSS3

6.5 Medium

CVSS3

8.5 High

CVSS2

Дефекты

CWE-22
CWE-22

Связанные уязвимости

ubuntu логотип

CVE-2018-14654

CVSS3: 6.5
ubuntu
больше 7 лет назад

The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server.

redhat логотип

CVE-2018-14654

CVSS3: 5.4
redhat
больше 7 лет назад

The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server.

debian логотип

CVE-2018-14654

CVSS3: 6.5
debian
больше 7 лет назад

The Gluster file system through version 4.1.4 is vulnerable to abuse o ...

github логотип

GHSA-hv7q-959v-864g

CVSS3: 6.5
github
больше 3 лет назад

The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server.

EPSS

Процентиль: 83%
0.02023
Низкий

5.4 Medium

CVSS3

6.5 Medium

CVSS3

8.5 High

CVSS2

Дефекты

CWE-22
CWE-22