Описание
A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| cosmic | ignored | end of life |
| devel | not-affected | 4.1.4-1 |
| disco | not-affected | 4.1.4-1 |
| eoan | not-affected | 4.1.4-1 |
| esm-apps/bionic | released | 3.13.2-1ubuntu1+esm1 |
| esm-apps/focal | not-affected | 4.1.4-1 |
| esm-apps/xenial | released | 3.7.6-1ubuntu1+esm1 |
| esm-infra-legacy/trusty | released | 3.4.2-1ubuntu1+esm1 |
| focal | not-affected | 4.1.4-1 |
Показывать по
EPSS
6.5 Medium
CVSS2
8.8 High
CVSS3
Связанные уязвимости
A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes.
A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes.
A flaw was found in RPC request using gfs3_symlink_req in glusterfs se ...
A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes.
EPSS
6.5 Medium
CVSS2
8.8 High
CVSS3