CVE-2014-8177 — Improper Access Control in Redhat Gluster Storage Management Console

CWE-284 — Improper Access Control5 documents5 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 69.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Redhat Gluster Storage Management Console Redhat Gluster Storage Server

Timeline

PublishedJun 7

Latest updateMay 14

Description

The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass the max_meta_count constraint via multiple crafted requests which exceed the limit when combined.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDredhat/gluster_storage_server3.1

▶NVDredhat/gluster_storage_management_console3.1

🔴Vulnerability Details

GHSA

GHSA-8qj2-2gmf-vrgg: The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass t↗2022-05-14

▶

CVEList

CVE-2014-8177: The Red Hat gluster-swift package, as used in Red Hat Gluster Storage (formerly Red Hat Storage Server), allows remote authenticated users to bypass t↗2016-06-07

▶

📋Vendor Advisories

Red Hat

gluster-swift metadata constraints are not correctly enforced↗2015-08-21

▶

💬Community

Bugzilla

CVE-2014-8177 gluster-swift metadata constraints are not correctly enforced↗2015-08-27

▶