CVE-2018-10913

An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file.

Link	Resource
https://review.gluster.org/#/c/glusterfs/+/21071/	Patch Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10913	Issue Tracking Mitigation
https://access.redhat.com/errata/RHSA-2018:2608	Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:2607	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html	Mailing List Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3470	Third Party Advisory
https://security.gentoo.org/glsa/201904-06	Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html	Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html	Mailing List Third Party Advisory

Configuration 1

cpe:2.3:a:gluster:glusterfs:*:*:*:*:*:*:*:* cpe:2.3:a:gluster:glusterfs:*:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:* cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

---

Published : 2018-09-04 02:29

Updated : 2022-04-22 07:00

---

NVD link : CVE-2018-10913

Mitre link : CVE-2018-10913

No products.

CWE-209