vulnerability
Huawei EulerOS: CVE-2018-10904: glusterfs security update
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:P/I:P/A:P) | Sep 4, 2018 | Sep 28, 2020 | Aug 13, 2025 |
Severity
7
CVSS
(AV:N/AC:L/Au:S/C:P/I:P/A:P)
Published
Sep 4, 2018
Added
Sep 28, 2020
Modified
Aug 13, 2025
Description
It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume.
Solutions
huawei-euleros-2_0_sp3-upgrade-glusterfshuawei-euleros-2_0_sp3-upgrade-glusterfs-apihuawei-euleros-2_0_sp3-upgrade-glusterfs-client-xlatorshuawei-euleros-2_0_sp3-upgrade-glusterfs-fusehuawei-euleros-2_0_sp3-upgrade-glusterfs-libshuawei-euleros-2_0_sp3-upgrade-glusterfs-rdma
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.