Information Disclosure Vulnerability in GlusterFS Server by Red Hat
CVE-2018-10913
3.5LOW
Summary
An information disclosure vulnerability exists in the GlusterFS server, which allows an attacker to issue a xattr request via GlusterFS FUSE, potentially revealing the existence of any file on the server. This could enable unauthorized access to sensitive information by confirming the presence of files that the attacker should not have visibility into.
Affected Version(s)
glusterfs
References
CVSS V3.1
Score:
3.5
Severity:
LOW
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved