CVE-2018-10923 — Improper Input Validation in Glusterfs
Severity
8.1HIGHNVD
EPSS
1.2%
top 21.02%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedSep 4
Latest updateApr 30
Description
It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An authenticated attacker could use this to create an arbitrary device and read data from any device attached to the glusterfs server node.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2
Affected Packages6 packages
Also affects: Debian Linux 8.0, 9.0
🔴Vulnerability Details
3GHSA▶
GHSA-gxph-3c78-xmc3: It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node↗2022-04-30
OSV▶
CVE-2018-10923: It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node↗2018-09-04
CVEList▶
CVE-2018-10923: It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node↗2018-09-04
📋Vendor Advisories
3💬Community
4Bugzilla
▶