CVE-2018-10913 — Information Exposure via Error Message in Glusterfs
Severity
6.5MEDIUMNVD
EPSS
1.0%
top 23.53%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 4
Latest updateApr 30
Description
An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6
Affected Packages6 packages
Also affects: Debian Linux 8.0, 9.0
Patches
🔴Vulnerability Details
3GHSA▶
GHSA-2vq9-x634-p9m5: An information disclosure vulnerability was discovered in glusterfs server↗2022-04-30
CVEList▶
CVE-2018-10913: An information disclosure vulnerability was discovered in glusterfs server↗2018-09-04
OSV▶
CVE-2018-10913: An information disclosure vulnerability was discovered in glusterfs server↗2018-09-04
📋Vendor Advisories
3💬Community
4Bugzilla▶
CVE-2018-10913 glusterfs: Information Exposure in posix_get_file_contents function in posix-helpers.c [fedora-all]↗2018-09-04
Bugzilla▶
CVE-2018-10913 glusterfs: Information Exposure in posix_get_file_contents function in posix-helpers.c↗2018-09-04
Bugzilla▶
CVE-2018-10913 glusterfs: Information Exposure in posix_get_file_contents function in posix-helpers.c↗2018-09-04
Bugzilla▶
CVE-2018-10913 glusterfs: Information Exposure in posix_get_file_contents function in posix-helpers.c↗2018-07-23