CVE-2018-14654 — MEDIUM (6.5)

Q: How severe is CVE-2018-14654?

CVE-2018-14654 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2018-14654?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Gluster Storage, Redhat Enterprise Linux Server, Redhat Enterprise Linux Virtualization, Redhat Virtualization, Redhat Virtualization Host.

Vulnerability Description

The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_KEY' xattrop to create arbitrary, empty files on the target server.

CVSS Score

6.5

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Redhat	Gluster Storage	<= 4.1.4
Redhat	Enterprise Linux Server	6.0
Redhat	Enterprise Linux Virtualization	4.0
Redhat	Virtualization	4.0
Redhat	Virtualization Host	4.0
Debian	Debian Linux	9.0

Related Weaknesses (CWE)

CWE-22

References

https://access.redhat.com/errata/RHSA-2018:3431Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:3432Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:3470Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14654Issue TrackingVendor Advisory
https://lists.debian.org/debian-lts-announce/2021/11/msg00000.htmlMailing ListThird Party Advisory
https://security.gentoo.org/glsa/201904-06Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:3431Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:3432Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:3470Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14654Issue TrackingVendor Advisory
https://lists.debian.org/debian-lts-announce/2021/11/msg00000.htmlMailing ListThird Party Advisory
https://security.gentoo.org/glsa/201904-06Third Party Advisory

FAQ

What is CVE-2018-14654?

CVE-2018-14654 is a vulnerability with a CVSS score of 6.5 (MEDIUM). The Gluster file system through version 4.1.4 is vulnerable to abuse of the 'features/index' translator. A remote attacker with access to mount volumes could exploit this via the 'GF_XATTROP_ENTRY_IN_...

How severe is CVE-2018-14654?

CVE-2018-14654 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2018-14654?

Check the references section above for vendor advisories and patch information. Affected products include: Redhat Gluster Storage, Redhat Enterprise Linux Server, Redhat Enterprise Linux Virtualization, Redhat Virtualization, Redhat Virtualization Host.