CVSS: 6.5EPSS: 1%CPEs: 9EXPL: 0CVE-2018-14660 – glusterfs: Repeat use of "GF_META_LOCK_KEY" xattr allows for memory exhaustion
https://notcve.org/view.php?id=CVE-2018-14660
31 Oct 2018 — A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node. Se ha encontrado un error en el servidor glusterfs hasta las versiones 4.1.4 y 3.1.2 que permitía el uso repetido del xattr GF_META_LOCK_KEY. Un atacante autenticado remoto podría emplear este error para... • https://access.redhat.com/errata/RHSA-2018:3431 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-10841 – glusterfs: access trusted peer group via remote-host command
https://notcve.org/view.php?id=CVE-2018-10841
20 Jun 2018 — glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes. glusterfs es vulnerable a un escalado de privilegios en los nodos del servidor gluster. Un cliente gluster autenticado mediante TLS podría emplear la interfaz de línea de comandos de g... • https://access.redhat.com/errata/RHSA-2018:1954 • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVSS: 8.8EPSS: 3%CPEs: 2EXPL: 0CVE-2018-1112 – glusterfs: auth.allow allows unauthenticated clients to mount gluster volumes (CVE-2018-1088 regression)
https://notcve.org/view.php?id=CVE-2018-1112
25 Apr 2018 — glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes. NOTE: this vulnerability exists because of a CVE-2018-1088 regression. El servidor glusterfs 3.10.12 y 4.0.2 es vulnerable cuando se emplea la opción "auth.allow", que permite que cualquier cliente de gluster no autenticado se conecte desde cualquier red para montar volúmenes de almacenamiento de gluster. NO... • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html • CWE-287: Improper Authentication •
CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 0CVE-2017-15096
https://notcve.org/view.php?id=CVE-2017-15096
26 Oct 2017 — A flaw was found in GlusterFS in versions prior to 3.10. A null pointer dereference in send_brick_req function in glusterfsd/src/gf_attach.c may be used to cause denial of service. Se ha encontrado un fallo en versiones anteriores a la 3.10 de GlusterFS. Una desreferencia de puntero NULL en la función send_brick_req en glusterfsd/src/gf_attach.c podría emplearse para provocar una denegación de servicio (DoS). • https://bugzilla.redhat.com/show_bug.cgi?id=1504255 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 0CVE-2014-3619 – Mandriva Linux Security Advisory 2015-211
https://notcve.org/view.php?id=CVE-2014-3619
27 Mar 2015 — The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment header. La función __socket_proto_state_machine en GlusterFS 3.5 permite a atacantes remotos causar una denegación de servicio (bucle infinito) a través de una cabecera de fragmento '00000000'. glusterfs was vulnerable to a fragment header infinite loop denial of service attack. Also, the glusterfsd SysV init script was failing to properly start the servic... • http://advisories.mageia.org/MGASA-2015-0145.html • CWE-399: Resource Management Errors •