{"containers": {"cna": {"affected": [{"product": "glusterfs", "vendor": "Red Hat", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-09-04T00:00:00", "descriptions": [{"lang": "en", "value": "A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes."}], "metrics": [{"cvssV3_0": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-59", "description": "CWE-59", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-11-02T02:06:16", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10928"}, {"name": "RHSA-2018:2607", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:2607"}, {"name": "[debian-lts-announce] 20180920 [SECURITY] [DLA 1510-1] glusterfs security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html"}, {"name": "RHSA-2018:2608", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:2608"}, {"name": "RHSA-2018:3470", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:3470"}, {"name": "GLSA-201904-06", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201904-06"}, {"name": "openSUSE-SU-2020:0079", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html"}, {"name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "secalert@redhat.com", "ID": "CVE-2018-10928", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "glusterfs", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "Red Hat"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes."}]}, "impact": {"cvss": [[{"vectorString": "8.8/CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}]]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-59"}]}]}, "references": {"reference_data": [{"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10928", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10928"}, {"name": "RHSA-2018:2607", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2607"}, {"name": "[debian-lts-announce] 20180920 [SECURITY] [DLA 1510-1] glusterfs security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html"}, {"name": "RHSA-2018:2608", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:2608"}, {"name": "RHSA-2018:3470", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3470"}, {"name": "GLSA-201904-06", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201904-06"}, {"name": "openSUSE-SU-2020:0079", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html"}, {"name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T07:54:36.029Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10928"}, {"name": "RHSA-2018:2607", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:2607"}, {"name": "[debian-lts-announce] 20180920 [SECURITY] [DLA 1510-1] glusterfs security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html"}, {"name": "RHSA-2018:2608", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:2608"}, {"name": "RHSA-2018:3470", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2018:3470"}, {"name": "GLSA-201904-06", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201904-06"}, {"name": "openSUSE-SU-2020:0079", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html"}, {"name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-10928", "datePublished": "2018-09-04T15:00:00", "dateReserved": "2018-05-09T00:00:00", "dateUpdated": "2024-08-05T07:54:36.029Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "2F6AB192-9D7D-4A9A-8995-E53A9DE9EAFC", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "142AD0DD-4CF3-4D74-9442-459CE3347E3A", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "9BBCD86A-E6C7-4444-9D74-F861084090F0", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gluster:glusterfs:*:*:*:*:*:*:*:*", "matchCriteriaId": "6DB9B638-7178-494D-BC59-5571F509C580", "versionEndExcluding": "3.12.14", "versionStartIncluding": "3.12", "vulnerable": true}, {"criteria": "cpe:2.3:a:gluster:glusterfs:*:*:*:*:*:*:*:*", "matchCriteriaId": "1A3DF2E0-2841-4A84-A6AF-A2800569AF6C", "versionEndExcluding": "4.1.8", "versionStartIncluding": "4.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:gluster_storage:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "F1986832-44C9-491E-A75D-AAD8FAE683E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "BB28F9AF-3D06-4532-B397-96D7E4792503", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*", "matchCriteriaId": "B620311B-34A3-48A6-82DF-6F078D7A4493", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes."}, {"lang": "es", "value": "Se ha detectado un error en las peticiones RPC que emplean gfs3_symlink_req en el servidor glusterfs, lo que permite que los destinos symlink se\u00f1alen a rutas de archivo fuera del volumen gluster. Un atacante autenticado podr\u00eda emplear este error para crear symlinks arbitrarios que se\u00f1alen a cualquier lugar del servidor y ejecutar c\u00f3digo arbitrario en un nodo del servidor glusterfs."}], "id": "CVE-2018-10928", "lastModified": "2022-04-12T18:33:47.977", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "secalert@redhat.com", "type": "Secondary"}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-09-04T15:29:00.677", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:2607"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:2608"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:3470"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Patch", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10928"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201904-06"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-59"}], "source": "secalert@redhat.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-59"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{"acknowledgement": "Red Hat would like to thank Michael Hanselmann (hansmi.ch) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2018:2608", "cpe": "cpe:/a:redhat:storage:3:client:el6", "package": "glusterfs-0:3.12.2-18.el6", "product_name": "Native Client for RHEL 6 for Red Hat Storage", "release_date": "2018-09-04T00:00:00Z"}, {"advisory": "RHSA-2018:2607", "cpe": "cpe:/a:redhat:storage:3:client:el7", "package": "glusterfs-0:3.12.2-18.el7", "product_name": "Native Client for RHEL 7 for Red Hat Storage", "release_date": "2018-09-04T00:00:00Z"}, {"advisory": "RHSA-2018:2608", "cpe": "cpe:/a:redhat:storage:3.4:server:el6", "package": "glusterfs-0:3.12.2-18.el6rhs", "product_name": "Red Hat Gluster Storage 3.4 for RHEL 6", "release_date": "2018-09-04T00:00:00Z"}, {"advisory": "RHSA-2018:2608", "cpe": "cpe:/a:redhat:storage:3.4:server:el6", "package": "redhat-release-server-0:6Server-6.10.0.24.el6rhs", "product_name": "Red Hat Gluster Storage 3.4 for RHEL 6", "release_date": "2018-09-04T00:00:00Z"}, {"advisory": "RHSA-2018:2608", "cpe": "cpe:/a:redhat:storage:3.4:server:el6", "package": "redhat-storage-server-0:3.4.0.0-1.el6rhs", "product_name": "Red Hat Gluster Storage 3.4 for RHEL 6", "release_date": "2018-09-04T00:00:00Z"}, {"advisory": "RHSA-2018:2607", "cpe": "cpe:/a:redhat:storage:3.4:server:el7", "package": "glusterfs-0:3.12.2-18.el7rhgs", "product_name": "Red Hat Gluster Storage 3.4 for RHEL 7", "release_date": "2018-09-04T00:00:00Z"}, {"advisory": "RHSA-2018:2607", "cpe": "cpe:/a:redhat:storage:3.4:server:el7", "package": "redhat-release-server-0:7.5-11.el7rhgs", "product_name": "Red Hat Gluster Storage 3.4 for RHEL 7", "release_date": "2018-09-04T00:00:00Z"}, {"advisory": "RHSA-2018:2607", "cpe": "cpe:/a:redhat:storage:3.4:server:el7", "package": "redhat-storage-server-0:3.4.0.0-1.el7rhgs", "product_name": "Red Hat Gluster Storage 3.4 for RHEL 7", "release_date": "2018-09-04T00:00:00Z"}, {"advisory": "RHSA-2018:2607", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "impact": "moderate", "package": "glusterfs-0:3.12.2-18.el7", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2018-09-04T00:00:00Z"}, {"advisory": "RHSA-2018:3470", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "impact": "moderate", "package": "imgbased-0:1.0.29-1.el7ev", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2018-11-05T00:00:00Z"}, {"advisory": "RHSA-2018:3470", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "impact": "moderate", "package": "redhat-release-virtualization-host-0:4.2-7.3.el7", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2018-11-05T00:00:00Z"}, {"advisory": "RHSA-2018:3470", "cpe": "cpe:/o:redhat:enterprise_linux:7::hypervisor", "impact": "moderate", "package": "redhat-virtualization-host-0:4.2-20181026.0.el7_6", "product_name": "Red Hat Virtualization 4 for Red Hat Enterprise Linux 7", "release_date": "2018-11-05T00:00:00Z"}], "bugzilla": {"description": "glusterfs: Improper resolution of symlinks allows for privilege escalation", "id": "1612659", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1612659"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-59", "details": ["A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes.", "A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes."], "mitigation": {"lang": "en:us", "value": "To limit exposure of gluster server nodes : \n1. gluster server should be on LAN and not reachable from public networks. \n2. Use gluster auth.allow and auth.reject. \n3. Use TLS certificates to authenticate gluster clients.\ncaveat: This does not protect from attacks by authenticated gluster clients."}, "name": "CVE-2018-10928", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "glusterfs", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "glusterfs", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "glusterfs", "product_name": "Red Hat Enterprise Linux 8"}], "public_date": "2018-09-04T05:30:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2018-10928\nhttps://nvd.nist.gov/vuln/detail/CVE-2018-10928"], "statement": "This issue did not affect Red Hat Enterprise Linux 6 and 7 as the flaw is present in glusterfs-server, which is not shipped there.\nThis flaw affects glusterfs versions included in Red Hat Virtualization 4 Hypervisor. However, in recommended configurations, the vulnerability is only exposed to hypervisor administrators and can not be exploited from virtual machines or other hosts on the network. For Red Hat Virtualization, Product Security has rated this flaw as Moderate. For additional information, refer to the Issue Severity Classification: https://access.redhat.com/security/updates/classification/.", "threat_severity": "Important", "upstream_fix": "glusterfs 3.12.14, glusterfs 4.1.4"}