) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- Results Type: Overview
- Keyword (text search): cpe:2.3:a:gluster:glusterfs:3.1.0:*:*:*:*:*:*:*
- CPE Name Search: true
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2018-14660 |
A flaw was found in glusterfs server through versions 4.1.4 and 3.1.2 which allowed repeated usage of GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw to create multiple locks for single inode by using setxattr repetitively resulting in memory exhaustion of glusterfs server node. Published: November 01, 2018; 10:29:00 AM -0400 |
V3.1: 6.5 MEDIUM V2.0: 4.0 MEDIUM |
| CVE-2018-10841 |
glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes. Published: June 20, 2018; 2:29:00 PM -0400 |
V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2018-1112 |
glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes. NOTE: this vulnerability exists because of a CVE-2018-1088 regression. Published: April 25, 2018; 8:29:00 AM -0400 |
V3.0: 8.8 HIGH V2.0: 7.5 HIGH |
| CVE-2017-15096 |
A flaw was found in GlusterFS in versions prior to 3.10. A null pointer dereference in send_brick_req function in glusterfsd/src/gf_attach.c may be used to cause denial of service. Published: October 26, 2017; 1:29:00 PM -0400 |
V3.0: 3.3 LOW V2.0: 2.1 LOW |