Vulnerability Description
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian | Debian Linux | 8.0 |
| Redhat | Enterprise Linux | 6.0 |
| Gluster | Glusterfs | >= 3.12, <= 3.12.14 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/errata/RHSA-2018:3431 (Third Party Advisory)
- https://access.redhat.com/errata/RHSA-2018:3432 (Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14651 (Issue Tracking, Patch, Third Party Advisory)
- https://lists.debian.org/debian-lts-announce/2018/11/msg00003.html (Third Party Advisory)
- https://security.gentoo.org/glsa/201904-06
FAQ
What is CVE-2018-14651?
CVE-2018-14651 is a vulnerability with a CVSS score of 8.8 (HIGH). It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execut...
How severe is CVE-2018-14651?
CVE-2018-14651 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2018-14651?
Check the references section above for vendor advisories and patch information. Affected products include: Debian Debian Linux, Redhat Enterprise Linux, Gluster Glusterfs.