CVE-2018-14651 — Link Following in Glusterfs
Severity
8.8 HIGH (NVD)
EPSS
2.2%
top 15.59%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Oct 31
Latest update: May 14
Description
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9
Affected Packages: 2 packages
Also affects: Debian Linux 8.0, Enterprise Linux 6.0, 7.0
Patches
Vulnerability Details (3)
GHSA: GHSA-p7qq-cq4p-g2h3: It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete (2022-05-14)
CVEList: CVE-2018-14651: It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete (2018-10-31)
OSV: CVE-2018-14651: It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete (2018-10-31)
Vendor Advisories (3)
Community (5)
Bugzilla: CVE-2018-14651 glusterfs: glusterfs server exploitable via symlinks to relative paths [fedora-all] (2018-11-08)
Bugzilla: CVE-2018-14651 glusterfs: glusterfs server exploitable via symlinks to relative paths [fedora-all] (2018-11-08)
Bugzilla: CVE-2018-14651 glusterfs: glusterfs server exploitable via symlinks to relative paths [fedora-all] (2018-10-31)
Bugzilla: CVE-2018-14651 glusterfs: glusterfs server exploitable via symlinks to relative paths [fedora-all] (2018-10-31)