High severity8.8NVD Advisory· Published Sep 4, 2018· Updated Jun 17, 2026
CVE-2018-10904
CVE-2018-10904
Description
It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator. Attacker can use this flaw to create files and execute arbitrary code. To exploit this attacker would require sufficient access to modify the extended attributes of files on a gluster volume.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Red Hat/glusterfsv5Range: n/a
Patches
Vulnerability mechanics
References
9- review.gluster.orgnvdPatchVendor Advisory
- lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.htmlnvdMailing ListThird Party Advisory
- access.redhat.com/errata/RHSA-2018:2607nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:2608nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:3470nvdThird Party Advisory
- bugzilla.redhat.com/show_bug.cginvdIssue TrackingMitigationThird Party Advisory
- lists.debian.org/debian-lts-announce/2018/09/msg00021.htmlnvdMailing ListThird Party Advisory
- lists.debian.org/debian-lts-announce/2021/11/msg00000.htmlnvdMailing ListThird Party Advisory
- security.gentoo.org/glsa/201904-06nvdThird Party Advisory
News mentions
0No linked articles in our index yet.