DEBIAN-CVE-2018-10928

DEBIAN-CVE-2018-10928 PUBLISHED CVSS 8.800000190734863 HIGH

A flaw was found in RPC request using gfs3_symlink_req in glusterfs server which allows symlink destinations to point to file paths outside of the gluster volume. An authenticated attacker could use this flaw to create arbitrary symlinks pointing anywhere on the server and execute arbitrary code on glusterfs server nodes.

Risk Scores

CVSS 3.1

8.800000190734863

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:14	glusterfs	0, 0, 0
Debian:11	glusterfs	0, 0, 0
Debian:13	glusterfs	0, 0, 0
Debian:12	glusterfs	0, 0, 0

Timeline

Sep 4, 2018 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2018-10928 advisory

Open in Interactive Console →