CVE-2018-14651 Information

Description

It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Reference

https://access.redhat.com/errata/RHSA-2018:3431
https://access.redhat.com/errata/RHSA-2018:3432
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14651
https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html
https://security.gentoo.org/glsa/201904-06

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

8.8

Base Severity

HIGH
