Vulnerabilities > Gluster > Glusterfs > 4.1.4

DATE CVE VULNERABILITY TITLE RISK
2018-09-04 CVE-2018-10904 Untrusted Search Path vulnerability in multiple products
It was found that glusterfs server does not properly sanitize file paths in the "trusted.io-stats-dump" extended attribute which is used by the "debug/io-stats" translator.
network
low complexity
gluster redhat debian opensuse CWE-426
6.5
6.5
2018-06-20 CVE-2018-10841 Authentication Bypass Using an Alternate Path or Channel vulnerability in multiple products
glusterfs is vulnerable to privilege escalation on gluster server nodes.
network
low complexity
gluster debian CWE-288
8.8
8.8