Known Vulnerabilities for Glusterfs by Gluster
Listed below are 10 of the newest known vulnerabilities associated with "Glusterfs" by "Gluster".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed, based on information from known CPEs.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2018-10926 | A flaw was found in RPC request using gfs3_mknod_req supported by glusterfs server. An authenticated attacker could use this ... | 8.8 - HIGH | 2018-09-04 | 2022-04-12 |
| CVE-2018-10924 | It was discovered that fsync(2) system call in glusterfs client code leaks memory. An authenticated attacker could use this f... | 6.5 - MEDIUM | 2018-09-04 | 2019-10-03 |
| CVE-2018-10923 | It was found that the "mknod" call derived from mknod(2) can create files pointing to devices on a glusterfs server node. An ... | 8.1 - HIGH | 2018-09-04 | 2022-04-22 |
| CVE-2018-10914 | It was found that an attacker could issue a xattr request via glusterfs FUSE to cause gluster brick process to crash which wi... | 6.5 - MEDIUM | 2018-09-04 | 2022-04-22 |
| CVE-2018-10913 | An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glust... | 6.5 - MEDIUM | 2018-09-04 | 2022-04-22 |
| CVE-2018-10911 | A flaw was found in the way dic_unserialize function of glusterfs does not handle negative key length values. An attacker cou... | 7.5 - HIGH | 2018-09-04 | 2022-04-22 |
| CVE-2018-10907 | It was found that glusterfs server is vulnerable to multiple stack based buffer overflows due to functions in server-rpc-fopc... | 8.8 - HIGH | 2018-09-04 | 2021-12-16 |
| CVE-2018-10904 | It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute wh... | 8.8 - HIGH | 2018-09-04 | 2022-04-22 |
| CVE-2018-10841 | glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gl... | 8.8 - HIGH | 2018-06-20 | 2023-02-12 |
| CVE-2018-1112 | glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated... | 8.8 - HIGH | 2018-04-25 | 2019-10-09 |
Known Affected Configurations (CPE V2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Application | Gluster | Glusterfs | 6.1 | All | All | All |
| Application | Gluster | Glusterfs | 6.0 | - | All | All |
| Application | Gluster | Glusterfs | 6.0 | alpha | All | All |
| Application | Gluster | Glusterfs | 6.0 | rc0 | All | All |
| Application | Gluster | Glusterfs | 6.0 | rc1 | All | All |
| Application | Gluster | Glusterfs | 5.6 | All | All | All |
| Application | Gluster | Glusterfs | 5.5 | All | All | All |
| Application | Gluster | Glusterfs | 5.4 | All | All | All |
| Application | Gluster | Glusterfs | 5.3 | All | All | All |
| Application | Gluster | Glusterfs | 5.2 | All | All | All |
| Application | Gluster | Glusterfs | 5.1 | All | All | All |
| Application | Gluster | Glusterfs | 5.0.0 | - | All | All |
| Application | Gluster | Glusterfs | 5.0.0 | alpha | All | All |
| Application | Gluster | Glusterfs | 5.0.0 | rc0 | All | All |
| Application | Gluster | Glusterfs | 5.0.0 | rc1 | All | All |
| Application | Gluster | Glusterfs | 4.1.8 | All | All | All |
| Application | Gluster | Glusterfs | 4.1.7 | All | All | All |
| Application | Gluster | Glusterfs | 4.1.6 | All | All | All |
| Application | Gluster | Glusterfs | 4.1.5 | All | All | All |
| Application | Gluster | Glusterfs | 4.1.4 | All | All | All |