Lucene search

[email protected]CVE-2018-14654

HistoryOct 31, 2018 - 7:29 p.m.

CVE-2018-14654

2018-10-3119:29:00

CWE-22

[email protected]

web.nvd.nist.gov

147

gluster

file system

cve-2018-14654

nvd

security

vulnerability

exploit

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

7.1 High

AI Score

Confidence

High

8.5 High

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:C/A:C

0.004 Low

EPSS

Percentile

74.1%

JSON

The Gluster file system through version 4.1.4 is vulnerable to abuse of the ‘features/index’ translator. A remote attacker with access to mount volumes could exploit this via the ‘GF_XATTROP_ENTRY_IN_KEY’ xattrop to create arbitrary, empty files on the target server.

Affected configurations

Vulners

NVD

Node

the_gluster_projectglusterfsRange≤4.1.4

CPENameOperatorVersion
redhat:gluster_storageredhat gluster storagele4.1.4

CPE	Name	Operator	Version
redhat:gluster_storage	redhat gluster storage	le	4.1.4

CNA Affected

[
  {
    "product": "glusterfs",
    "vendor": "The Gluster Project",
    "versions": [
      {
        "status": "affected",
        "version": "through 4.1.4"
      }
    ]
  }
]