CVE-2018-10913
04.09.2018, 14:29
An information disclosure vulnerability was discovered in glusterfs server. An attacker could issue a xattr request via glusterfs FUSE to determine the existence of any file.Enginsight
| Vendor | Product | Version |
|---|---|---|
| gluster | glusterfs | 3.12.0 ≤ 𝑥 < 3.12.14 |
| gluster | glusterfs | 4.1.0 ≤ 𝑥 < 4.1.8 |
| redhat | virtualization_host | 4.0 |
| debian | debian_linux | 8.0 |
| debian | debian_linux | 9.0 |
| redhat | enterprise_linux_server | 6.0 |
| redhat | enterprise_linux_server | 7.0 |
| opensuse | leap | 15.1 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| glusterfs |
|
Common Weakness Enumeration
- CWE-209 - Generation of Error Message Containing Sensitive InformationThe software generates an error message that includes sensitive information about its environment, users, or associated data.
- CWE-200 - Exposure of Sensitive Information to an Unauthorized ActorThe product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
References