CVSS3: 6.1 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | REQUIRED |
Scope | CHANGED |
Confidentiality Impact | LOW |
Integrity Impact | LOW |
Availability Impact | NONE |

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS2: 5.8 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

EPSS: 0.01 Low (Percentile: 83.0%)

Red Hat Gluster Storage Web Administration includes a fully automated setup based on Ansible and provides deep metrics and insights into active Gluster storage pools by using the Grafana platform. Red Hat Gluster Storage Web Administration provides a dashboard view that gives an administrator an overview of overall Gluster health in terms of hosts, volumes, bricks, and other components of GlusterFS.
Security Fix(es):
django: Catastrophic backtracking in regular expressions via ‘urlize’ and ‘urlizetrunc’ (CVE-2018-7536)
django: Catastrophic backtracking in regular expressions via ‘truncatechars_html’ and ‘truncatewords_html’ (CVE-2018-7537)
django: Open redirect possibility in CommonMiddleware (CVE-2018-14574)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
Red Hat would like to thank the Django project for reporting CVE-2018-7536 and CVE-2018-7537.
Users of Red Hat Gluster Storage Web Administration with Red Hat Gluster Storage are advised to upgrade to this updated package to fix these issues.
OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
RedHat | 7 | noarch | tendrl-monitoring-integration | < 1.6.3-20.el7rhgs | tendrl-monitoring-integration-1.6.3-20.el7rhgs.noarch.rpm |
RedHat | 7 | noarch | tendrl-grafana-selinux | < 1.5.4-3.el7rhgs | tendrl-grafana-selinux-1.5.4-3.el7rhgs.noarch.rpm |
RedHat | 7 | noarch | tendrl-api | < 1.6.3-10.el7rhgs | tendrl-api-1.6.3-10.el7rhgs.noarch.rpm |
RedHat | 7 | noarch | python-django-tagging | < 0.4.6-1.el7rhgs | python-django-tagging-0.4.6-1.el7rhgs.noarch.rpm |
RedHat | 7 | noarch | python2-django-doc | < 1.11.15-4.el7rhgs | python2-django-doc-1.11.15-4.el7rhgs.noarch.rpm |
RedHat | 7 | noarch | tendrl-selinux | < 1.5.4-3.el7rhgs | tendrl-selinux-1.5.4-3.el7rhgs.noarch.rpm |
RedHat | 7 | noarch | tendrl-grafana-plugins | < 1.6.3-20.el7rhgs | tendrl-grafana-plugins-1.6.3-20.el7rhgs.noarch.rpm |
RedHat | 7 | noarch | graphite-web | < 1.1.4-1.el7rhgs | graphite-web-1.1.4-1.el7rhgs.noarch.rpm |
RedHat | 7 | noarch | carbon-selinux | < 1.5.4-3.el7rhgs | carbon-selinux-1.5.4-3.el7rhgs.noarch.rpm |
RedHat | 7 | noarch | tendrl-node-agent | < 1.6.3-15.el7rhgs | tendrl-node-agent-1.6.3-15.el7rhgs.noarch.rpm |