CVE-2018-10930 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
redhat	CNA	6.5 MEDIUM	NETWORK	LOW	LOW	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 72%

Vendor	Product	Version
gluster	glusterfs	3.12 ≤ 𝑥 < 3.12.14
gluster	glusterfs	4.1 ≤ 𝑥 < 4.1.4
redhat	enterprise_linux	6.0
redhat	enterprise_linux	7.0
redhat	enterprise_linux_server	7.0
debian	debian_linux	8.0
debian	debian_linux	9.0
redhat	virtualization	4.0
redhat	virtualization_host	4.0
opensuse	leap	15.1

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

glusterfs

bullseye	9.2-1 fixed
bookworm	10.3-5 fixed
sid	11.1-5 fixed
trixie	11.1-5 fixed

Ubuntu Releases

Ubuntu Product

Codename

glusterfs

lunar	not-affected
kinetic	not-affected
jammy	not-affected
impish	not-affected
hirsute	not-affected
groovy	not-affected
focal	not-affected
eoan	not-affected
disco	not-affected
cosmic	ignored
bionic	Fixed 3.13.2-1ubuntu1+esm1 released
xenial	Fixed 3.7.6-1ubuntu1+esm1 released
trusty	Fixed 3.4.2-1ubuntu1+esm1 released

Common Weakness Enumeration

CWE-20 - Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html

https://access.redhat.com/errata/RHSA-2018:2607

https://access.redhat.com/errata/RHSA-2018:2608

https://access.redhat.com/errata/RHSA-2018:3470

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10930

https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html

https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html

https://review.gluster.org/#/c/glusterfs/+/21068/

https://security.gentoo.org/glsa/201904-06

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html

https://access.redhat.com/errata/RHSA-2018:2607

https://access.redhat.com/errata/RHSA-2018:2608

https://access.redhat.com/errata/RHSA-2018:3470

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10930

https://lists.debian.org/debian-lts-announce/2018/09/msg00021.html

https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html

https://review.gluster.org/#/c/glusterfs/+/21068/

https://security.gentoo.org/glsa/201904-06