CVSS: 8.1EPSS: 1%CPEs: 8EXPL: 0CVE-2018-10927 – glusterfs: File status information leak and denial of service
https://notcve.org/view.php?id=CVE-2018-10927
04 Sep 2018 — A flaw was found in RPC request using gfs3_lookup_req in glusterfs server. An authenticated attacker could use this flaw to leak information and execute remote denial of service by crashing gluster brick process. Se ha detectado un error en las peticiones RPC que emplean gfs3_lookup_req en el servidor glusterfs. Un atacante autenticado podría emplear este error para filtrar información y ejecutar una denegación de servicio (DoS) remota provocando el cierre inesperado del proceso brick de gluster. The redhat... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html • CWE-20: Improper Input Validation CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 8.8EPSS: 1%CPEs: 11EXPL: 0CVE-2018-10928 – glusterfs: Improper resolution of symlinks allows for privilege escalation
https://notcve.org/view.php?id=CVE-2018-10928
04 Sep 2018 — A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes. Se ha detectado un error en las peticiones RPC que emplean gfs3_symlink_req en el servidor glusterfs, lo que permite que los destinos symlink señalen a rutas de archivo fuera del volumen g... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVSS: 8.8EPSS: 1%CPEs: 8EXPL: 0CVE-2018-10929 – glusterfs: Arbitrary file creation on storage server allows for execution of arbitrary code
https://notcve.org/view.php?id=CVE-2018-10929
04 Sep 2018 — A flaw was found in RPC request using gfs2_create_req in glusterfs server. An authenticated attacker could use this flaw to create arbitrary files and execute arbitrary code on glusterfs server nodes. Se ha detectado un error en las peticiones RPC que emplean gfs2_create_req en el servidor glusterfs. Un atacante autenticado podría emplear este error para crear archivos arbitrarios y ejecutar código arbitrario en un nodo del servidor glusterfs. The redhat-virtualization-host packages provide the Red Hat Virt... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html • CWE-20: Improper Input Validation •
CVSS: 6.8EPSS: 0%CPEs: 11EXPL: 0CVE-2018-10930 – glusterfs: Files can be renamed outside volume
https://notcve.org/view.php?id=CVE-2018-10930
04 Sep 2018 — A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume. Se ha detectado un error en las peticiones RPC que emplean gfs3_rename_req en el servidor glusterfs. Un atacante autenticado podría emplear este error para escribir a un destino fuera del volumen gluster. The redhat-virtualization-host packages provide the Red Hat Virtualization Host. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html • CWE-20: Improper Input Validation •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-10841 – glusterfs: access trusted peer group via remote-host command
https://notcve.org/view.php?id=CVE-2018-10841
20 Jun 2018 — glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes. glusterfs es vulnerable a un escalado de privilegios en los nodos del servidor gluster. Un cliente gluster autenticado mediante TLS podría emplear la interfaz de línea de comandos de g... • https://access.redhat.com/errata/RHSA-2018:1954 • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •