CVE-2018-14651

EPSS 3.57%
Published 31.10.2018 22:29:00
Last modified 21.11.2024 03:49:30
Source secalert@redhat.com
Teams watchlist Login
Open Login

It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.

Affected products Warnungen 0 Metrics 4 CWE 1 References 8

Data is provided by the National Vulnerability Database (NVD)

Debian ≫ Debian Linux Version8.0

Redhat ≫ Enterprise Linux Version6.0

Redhat ≫ Enterprise Linux Version7.0

Gluster ≫ Glusterfs Version >= 3.12 <= 3.12.14

Gluster ≫ Glusterfs Version >= 4.1 <= 4.1.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	3.57%	0.873

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	6.5	8	6.4	AV:N/AC:L/Au:S/C:P/I:P/A:P
secalert@redhat.com	8.8	2.8	5.9	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-59 Improper Link Resolution Before File Access ('Link Following')

The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

https://security.gentoo.org/glsa/201904-06

https://access.redhat.com/errata/RHSA-2018:3431

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3432

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14651

Patch

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2018-14651

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-14651

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-14651

EUVD