Vulnerability Details CVE-2018-10930
A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.006
EPSS Ranking 69.5%
CVSS Severity
CVSS v3 Score 6.5
CVSS v2 Score 4.0
References
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html
- https://access.redhat.com/errata/RHSA-2018:2607
- https://access.redhat.com/errata/RHSA-2018:2608
- https://access.redhat.com/errata/RHSA-2018:3470
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10930
- https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html
- https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html
- https://review.gluster.org/#/c/glusterfs/+/21068/
- https://security.gentoo.org/glsa/201904-06
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html
- https://access.redhat.com/errata/RHSA-2018:2607
- https://access.redhat.com/errata/RHSA-2018:2608
- https://access.redhat.com/errata/RHSA-2018:3470
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10930
- https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html
- https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html
- https://review.gluster.org/#/c/glusterfs/+/21068/
- https://security.gentoo.org/glsa/201904-06
Products affected by CVE-2018-10930
-
cpe:2.3:a:gluster:glusterfs:3.12.0
-
cpe:2.3:a:gluster:glusterfs:3.12.1
-
cpe:2.3:a:gluster:glusterfs:3.12.10
-
cpe:2.3:a:gluster:glusterfs:3.12.11
-
cpe:2.3:a:gluster:glusterfs:3.12.12
-
cpe:2.3:a:gluster:glusterfs:3.12.13
-
cpe:2.3:a:gluster:glusterfs:3.12.2
-
cpe:2.3:a:gluster:glusterfs:3.12.3
-
cpe:2.3:a:gluster:glusterfs:3.12.4
-
cpe:2.3:a:gluster:glusterfs:3.12.5
-
cpe:2.3:a:gluster:glusterfs:3.12.6
-
cpe:2.3:a:gluster:glusterfs:3.12.7
-
cpe:2.3:a:gluster:glusterfs:3.12.8
-
cpe:2.3:a:gluster:glusterfs:3.12.9
-
cpe:2.3:a:gluster:glusterfs:4.1.0
-
cpe:2.3:a:gluster:glusterfs:4.1.1
-
cpe:2.3:a:gluster:glusterfs:4.1.2
-
cpe:2.3:a:gluster:glusterfs:4.1.3
-
cpe:2.3:a:redhat:virtualization:4.0
-
cpe:2.3:a:redhat:virtualization_host:4.0
-
cpe:2.3:o:debian:debian_linux:8.0
-
cpe:2.3:o:debian:debian_linux:9.0
-
cpe:2.3:o:opensuse:leap:15.1
-
cpe:2.3:o:redhat:enterprise_linux:6.0
-
cpe:2.3:o:redhat:enterprise_linux:7.0
-
cpe:2.3:o:redhat:enterprise_linux_server:7.0