A flaw was found in RPC request using gfs3_rename_req in glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:N/I:P/A:N
Vendors Products
Redhat
  • Enterprise Linux
  • Virtualization Host
  • Virtualization
  • Enterprise Linux Server
Gluster
  • Glusterfs
Opensuse
  • Leap
Debian
  • Debian Linux

Configuration 1 [-]

OR cpe:2.3:a:gluster:glusterfs:*:*:*:*:*:*:*:*
cpe:2.3:a:gluster:glusterfs:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*

Configuration 3 [-]

OR cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

Configuration 4 [-]

AND
OR cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration 5 [-]

cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
References
Link Resource
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2607 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2608 Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3470 Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10930 Issue Tracking Patch Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html Mailing List Third Party Advisory
https://review.gluster.org/#/c/glusterfs/+/21068/ Patch Vendor Advisory
https://security.gentoo.org/glsa/201904-06 Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2018-09-04T16:00:00

Updated: 2021-11-02T02:06:18

Reserved: 2018-05-09T00:00:00

Link: CVE-2018-10930

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2018-09-04T16:29:00.347

Modified: 2021-12-10T19:41:31.090

Link: CVE-2018-10930

JSON object: View

cve-icon Redhat Information

No data.

CWE