Total
23 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2018-10904 | 4 Debian, Gluster, Opensuse and 1 more | 5 Debian Linux, Glusterfs, Leap and 2 more | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume. | |||||
| CVE-2018-10841 | 2 Debian, Gluster | 2 Debian Linux, Glusterfs | 2024-11-21 | 6.5 MEDIUM | 8.8 HIGH |
| glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes. | |||||
| CVE-2017-15096 | 1 Gluster | 1 Glusterfs | 2024-11-21 | 2.1 LOW | 3.3 LOW |
| A flaw was found in GlusterFS in versions prior to 3.10. A null pointer dereference in send_brick_req function in glusterfsd/src/gf_attach.c may be used to cause denial of service. | |||||