Vulnerability Details CVE-2018-10926
A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this flaw to write files to an arbitrary location via path traversal and execute arbitrary code on a glusterfs server node.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.3%
CVSS Severity
CVSS v3 Score 8.1
CVSS v2 Score 6.5
References
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html
- https://access.redhat.com/errata/RHSA-2018:2607
- https://access.redhat.com/errata/RHSA-2018:2608
- https://access.redhat.com/errata/RHSA-2018:3470
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10926
- https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html
- https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html
- https://security.gentoo.org/glsa/201904-06
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html
- https://access.redhat.com/errata/RHSA-2018:2607
- https://access.redhat.com/errata/RHSA-2018:2608
- https://access.redhat.com/errata/RHSA-2018:3470
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10926
- https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html
- https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html
- https://security.gentoo.org/glsa/201904-06
Products affected by CVE-2018-10926
-
cpe:2.3:a:gluster:glusterfs:3.12.0
-
cpe:2.3:a:gluster:glusterfs:3.12.1
-
cpe:2.3:a:gluster:glusterfs:3.12.10
-
cpe:2.3:a:gluster:glusterfs:3.12.11
-
cpe:2.3:a:gluster:glusterfs:3.12.12
-
cpe:2.3:a:gluster:glusterfs:3.12.13
-
cpe:2.3:a:gluster:glusterfs:3.12.2
-
cpe:2.3:a:gluster:glusterfs:3.12.3
-
cpe:2.3:a:gluster:glusterfs:3.12.4
-
cpe:2.3:a:gluster:glusterfs:3.12.5
-
cpe:2.3:a:gluster:glusterfs:3.12.6
-
cpe:2.3:a:gluster:glusterfs:3.12.7
-
cpe:2.3:a:gluster:glusterfs:3.12.8
-
cpe:2.3:a:gluster:glusterfs:3.12.9
-
cpe:2.3:a:gluster:glusterfs:4.1.0
-
cpe:2.3:a:gluster:glusterfs:4.1.1
-
cpe:2.3:a:gluster:glusterfs:4.1.2
-
cpe:2.3:a:gluster:glusterfs:4.1.3
-
cpe:2.3:a:gluster:glusterfs:4.1.4
-
cpe:2.3:a:gluster:glusterfs:4.1.5
-
cpe:2.3:a:gluster:glusterfs:4.1.6
-
cpe:2.3:a:gluster:glusterfs:4.1.7
-
cpe:2.3:a:redhat:virtualization_host:4.0
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:opensuse:leap:15.1
-
cpe:2.3:o:redhat:enterprise_linux:6.0
-
cpe:2.3:o:redhat:enterprise_linux:7.0
-
cpe:2.3:o:redhat:enterprise_linux_server:6.0
-
cpe:2.3:o:redhat:enterprise_linux_server:7.0