CVE-2018-10904 -- glusterfs-commonID: oval:org.secpod.oval:def:1901619 | Date: (C)2019-05-30 (M)2023-12-20 |
Class: VULNERABILITY | Family: unix |
It was found that glusterfs-common server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume.
Platform: |
Ubuntu 16.04 |
Ubuntu 18.10 |
Ubuntu 14.04 |
Ubuntu 18.04 |