CVE-2018-14651
Description
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
2.192
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2018:3431) glusterfs security and bug fix update glusterfs-3.12.2-25.el6.x86_64.rpm | Linux |
| (RHSA-2018:3431) glusterfs security and bug fix update glusterfs-api-3.12.2-25.el6.x86_64.rpm | Linux |
| (RHSA-2018:3431) glusterfs security and bug fix update glusterfs-api-devel-3.12.2-25.el6.x86_64.rpm | Linux |
| (RHSA-2018:3431) glusterfs security and bug fix update glusterfs-cli-3.12.2-25.el6.x86_64.rpm | Linux |
| (RHSA-2018:3431) glusterfs security and bug fix update glusterfs-client-xlators-3.12.2-25.el6.x86_64.rpm | Linux |
| (RHSA-2018:3431) glusterfs security and bug fix update glusterfs-devel-3.12.2-25.el6.x86_64.rpm | Linux |
| (RHSA-2018:3431) glusterfs security and bug fix update glusterfs-fuse-3.12.2-25.el6.x86_64.rpm | Linux |
| (RHSA-2018:3431) glusterfs security and bug fix update glusterfs-libs-3.12.2-25.el6.x86_64.rpm | Linux |
| (RHSA-2018:3431) glusterfs security and bug fix update glusterfs-rdma-3.12.2-25.el6.x86_64.rpm | Linux |
| (RHSA-2018:3431) glusterfs security and bug fix update python2-gluster-3.12.2-25.el6.x86_64.rpm | Linux |
| (RHSA-2018:3432) glusterfs security and bug fix update glusterfs-3.12.2-25.el7.x86_64.rpm | Linux |
| (RHSA-2018:3432) glusterfs security and bug fix update glusterfs-api-3.12.2-25.el7.x86_64.rpm | Linux |
| (RHSA-2018:3432) glusterfs security and bug fix update glusterfs-api-devel-3.12.2-25.el7.x86_64.rpm | Linux |
| (RHSA-2018:3432) glusterfs security and bug fix update glusterfs-cli-3.12.2-25.el7.x86_64.rpm | Linux |
| (RHSA-2018:3432) glusterfs security and bug fix update glusterfs-client-xlators-3.12.2-25.el7.x86_64.rpm | Linux |
| (RHSA-2018:3432) glusterfs security and bug fix update glusterfs-devel-3.12.2-25.el7.x86_64.rpm | Linux |
| (RHSA-2018:3432) glusterfs security and bug fix update glusterfs-fuse-3.12.2-25.el7.x86_64.rpm | Linux |
| (RHSA-2018:3432) glusterfs security and bug fix update glusterfs-libs-3.12.2-25.el7.x86_64.rpm | Linux |
| (RHSA-2018:3432) glusterfs security and bug fix update glusterfs-rdma-3.12.2-25.el7.x86_64.rpm | Linux |
| (RHSA-2018:3432) glusterfs security and bug fix update python2-gluster-3.12.2-25.el7.x86_64.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234