redhat gluster-storage CVE-2018-14654 in Red Hat and Debian Products
Published on October 31, 2018

product logo product logo
The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server.

Vendor Advisory Vendor Advisory Vendor Advisory Vendor Advisory NVD

Weakness Type

What is a Directory traversal Vulnerability?

The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CVE-2018-14654 has been classified to as a Directory traversal vulnerability or weakness.


Products Associated with CVE-2018-14654

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2018-14654 are published in these products:

Red Hat Gluster Storage
 
Red Hat Enterprise Linux Server
 
Red Hat Enterprise Linux Virtualization
 
Debian Linux
 

Affected Versions

The Gluster Project glusterfs Version through 4.1.4 is affected by CVE-2018-14654

Exploit Probability

EPSS
2.02%
Percentile
83.51%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.