CVE-2018-10913

Published: Sep 4, 2018Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file.

Affected (8)

Products: Gluster: Glusterfs · Debian: Debian Linux · Redhat: Enterprise Linux Server, Virtualization Host · +1 more

Show all products

Gluster: Glusterfs · Debian: Debian Linux · Redhat: Enterprise Linux Server, Virtualization Host · Opensuse: Leap

1 product

1 product

2 products

Enterprise Linux Server

Virtualization Host

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Gluster Glusterfs	From 3.12.0 to 3.12.14
Gluster Glusterfs	From 4.1.0 to 4.1.8

Configuration B

5 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0
Debian Debian Linux	Version 9.0
Redhat Enterprise Linux Server	Version 6.0
Redhat Enterprise Linux Server	Version 7.0
Redhat Virtualization Host	Version 4.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.1

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Generation of Error Message Containing Sensitive Information

The product generates an error message that includes sensitive information about its environment, users, or associated data.

References (18)

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://access.redhat.com/errata/RHSA-2018:2607

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2608

Source: secalert@redhat.com

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3470

Source: secalert@redhat.com

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10913

Source: secalert@redhat.com

Issue TrackingMitigationThird Party Advisory

https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html

Source: secalert@redhat.com

Mailing ListThird Party Advisory

https://review.gluster.org/#/c/glusterfs/+/21071/

Source: secalert@redhat.com

PatchVendor Advisory

https://security.gentoo.org/glsa/201904-06

Source: secalert@redhat.com

Third Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://access.redhat.com/errata/RHSA-2018:2607

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:2608

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://access.redhat.com/errata/RHSA-2018:3470

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10913

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingMitigationThird Party Advisory

https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://review.gluster.org/#/c/glusterfs/+/21071/

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

https://security.gentoo.org/glsa/201904-06

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.