Vulnerability Details CVE-2018-14651
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.036
EPSS Ranking 87.2%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 6.5
Products affected by CVE-2018-14651
- cpe:2.3:a:gluster:glusterfs:3.12.0
- cpe:2.3:a:gluster:glusterfs:3.12.1
- cpe:2.3:a:gluster:glusterfs:3.12.10
- cpe:2.3:a:gluster:glusterfs:3.12.11
- cpe:2.3:a:gluster:glusterfs:3.12.12
- cpe:2.3:a:gluster:glusterfs:3.12.13
- cpe:2.3:a:gluster:glusterfs:3.12.14
- cpe:2.3:a:gluster:glusterfs:3.12.2
- cpe:2.3:a:gluster:glusterfs:3.12.3
- cpe:2.3:a:gluster:glusterfs:3.12.4
- cpe:2.3:a:gluster:glusterfs:3.12.5
- cpe:2.3:a:gluster:glusterfs:3.12.6
- cpe:2.3:a:gluster:glusterfs:3.12.7
- cpe:2.3:a:gluster:glusterfs:3.12.8
- cpe:2.3:a:gluster:glusterfs:3.12.9
- cpe:2.3:a:gluster:glusterfs:4.1.0
- cpe:2.3:a:gluster:glusterfs:4.1.1
- cpe:2.3:a:gluster:glusterfs:4.1.2
- cpe:2.3:a:gluster:glusterfs:4.1.3
- cpe:2.3:a:gluster:glusterfs:4.1.4
- cpe:2.3:o:debian:debian_linux:8.0
- cpe:2.3:o:redhat:enterprise_linux:6.0
- cpe:2.3:o:redhat:enterprise_linux:7.0