CVE-2018-10904 -- glusterfsID: oval:org.secpod.oval:def:2000966 | Date: (C)2019-05-30 (M)2023-12-20 |
Class: VULNERABILITY | Family: unix |
It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume.
Platform: |
Debian 8.x |
Debian 9.x |