CVE-2018-10927: It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated…

high8.8CVSS 3.0

AVNACLPRLUINSUCHIHAH

It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.

Affected

26 ranges· showing 25

Vendor	Product	Version range	Fixed in
debian	debian_linux	—	—
debian	debian_linux	—	—
debian	glusterfs	< glusterfs 5.1-1 (bookworm)	glusterfs 5.1-1 (bookworm)
debian	glusterfs	< glusterfs 4.1.4-1 (bookworm)	glusterfs 4.1.4-1 (bookworm)
gluster	glusterfs	>= 0 < 5.1-1	5.1-1
gluster	glusterfs	>= 0 < 4.1.4-1	4.1.4-1
gluster	glusterfs	>= 0 < 5.1-1	5.1-1
gluster	glusterfs	>= 0 < 4.1.4-1	4.1.4-1
gluster	glusterfs	>= 0 < 5.1-1	5.1-1
gluster	glusterfs	>= 0 < 4.1.4-1	4.1.4-1
gluster	glusterfs	>= 0 < 5.1-1	5.1-1
gluster	glusterfs	>= 0 < 4.1.4-1	4.1.4-1
gluster	glusterfs	>= 0 < 3.4.2-1ubuntu1+esm1	3.4.2-1ubuntu1+esm1
gluster	glusterfs	>= 0 < 3.7.6-1ubuntu1+esm1	3.7.6-1ubuntu1+esm1
gluster	glusterfs	>= 0 < 3.13.2-1ubuntu1+esm1	3.13.2-1ubuntu1+esm1
gluster	glusterfs	>= 3.12 < 3.12.14	3.12.14
gluster	glusterfs	3.12 – 3.12.14	—
gluster	glusterfs	>= 4.1 < 4.1.8	4.1.8
gluster	glusterfs	4.1 – 4.1.4	—
opensuse	leap	—	—
red_hat	glusterfs	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux	—	—
redhat	enterprise_linux_server	—	—
redhat	enterprise_linux_server	—	—

CVSS provenance

nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

nvdv3.18.1HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H

osv8.8HIGH