Information Disclosure Vulnerability in GlusterFS Server by Red Hat
CVE-2018-10913

3.5LOW

Key Information:

Vendor
Red Hat
Status
Glusterfs
Vendor
CVE Published:
4 September 2018

Summary

An information disclosure vulnerability exists in the GlusterFS server, which allows an attacker to issue a xattr request via GlusterFS FUSE, potentially revealing the existence of any file on the server. This could enable unauthorized access to sensitive information by confirming the presence of files that the attacker should not have visibility into.

Affected Version(s)

glusterfs

References

https://access.redhat.com/errata/RHSA-2018:2607
vendor-advisoryx_refsource_REDHAT
https://review.gluster.org/#/c/glusterfs/+/21071/
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10913
x_refsource_CONFIRM

CVSS V3.1

Score:
3.5
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.