Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2018-14651

It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.

Published

2018-10-31T22:29:00.353

Last Modified

2024-11-21T03:49:30.673

Status

Modified

Source

[email protected]

Severity

CVSSv3.0: 8.8 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:P/A:P

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: SINGLE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: PARTIAL
  • Availability Impact: PARTIAL
Exploitability Score

8.0

Impact Score

6.4

Weaknesses
  • Type: Primary
    CWE-59
  • Type: Secondary
    CWE-59
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Operating System debian debian_linux 8.0 Yes
Operating System redhat enterprise_linux 6.0 Yes
Operating System redhat enterprise_linux 7.0 Yes
Application gluster glusterfs ≤ 3.12.14 Yes
Application gluster glusterfs ≤ 4.1.4 Yes
References