CVE-2018-10928
Severity
8.8 HIGH
EPSS
1.7%
top 17.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Sep 4
Latest update: May 13
Description
A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9
Affected Packages: 7 packages
Also affects: Debian Linux 8.0, 9.0, Enterprise Linux 6.0, 7.0
Patches
🔴 Vulnerability Details (3)
GHSA
GHSA-884c-j6hw-f37p: A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the glu... (2022-05-13)
OSV
CVE-2018-10928: A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the glu... (2018-09-04)
CVEList
CVE-2018-10928: A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the glu... (2018-09-04)
📋 Vendor Advisories (4)
Debian
CVE-2018-10928: glusterfs - A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which... (2018)