CVE-2018-14651

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2018-14651
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-14651.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2018-14651
Downstream
Published
2018-10-31T22:29:00.353Z
Modified
2026-03-15T15:01:18.039653Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929, CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated attacker could use one of these flaws to execute arbitrary code, create arbitrary files, or cause denial of service on glusterfs server nodes via symlinks to relative paths.

References

Affected packages

Git / github.com/gluster/glusterfs

Affected ranges

Type
GIT
Repo
https://github.com/gluster/glusterfs
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
2e1e4168ab6b6b3ebe9e3dfb227fb7631e5c1aa4
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3fadf5cc41d5ea3195d2228d23e890f27fc22f87
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
a92e9e8e8ae6b97db8e0c1fb8268aef734ab48b4
Introduced
7a9d6aa5999a71e29c5fa47a0ea7105c6494123a
Last affected
fe5b6bc8522b3539a97765b243ad37ef227c05b6
Introduced
93f21655e1584c7369aa74f3072de0dc1a3e8119
Last affected
deafd5a4f8440fa2a6f54595722e6fd1d4b6ed55
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "8.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "6.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "7.0"
        },
        {
            "introduced": "3.12"
        },
        {
            "last_affected": "3.12.14"
        },
        {
            "introduced": "4.1"
        },
        {
            "last_affected": "4.1.4"
        }
    ]
}

Affected versions

v3.*
v3.12.0
v3.12.0alpha1
v3.12.0rc0
v3.12.1
v3.12.10
v3.12.11
v3.12.12
v3.12.13
v3.12.14
v3.12.2
v3.12.3
v3.12.4
v3.12.5
v3.12.6
v3.12.7
v3.12.8
v3.12.9
v3.12dev
v4.*
v4.0dev
v4.0dev1
v4.1.0
v4.1.0alpha
v4.1.0rc0
v4.1.1
v4.1.2
v4.1.3
v4.1.4
v4.1dev
v4.2dev
v6.*
v6.0
v6.0alpha
v6.0rc0
v6.0rc1
Other
v6dev
v7dev
v8dev
v9dev
v7.*
v7.0
v7.0alpha
v7.0rc0
v7.0rc1
v7.0rc2
v7.0rc3
v8.*
v8.0
v8.0alpha
v8.0rc0

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-14651.json"