Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2018-1127 (GCVE-0-2018-1127)
Vulnerability from cvelistv5
Published
2018-09-11 15:00
Modified
2024-08-05 03:51
Severity ?
VLAI Severity ?
EPSS score ?
CWE
Summary
Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and authenticate as the target user.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://www.securitytracker.com/id/1041597 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:2616 | Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1127 | Issue Tracking, Patch, Vendor Advisory | |
| secalert@redhat.com | https://github.com/Tendrl/api/pull/422 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041597 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:2616 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1127 | Issue Tracking, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Tendrl/api/pull/422 | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Red Hat | Red Hat Gluster Storage |
Version: 3.4.0 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T03:51:48.782Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "RHSA-2018:2616",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2616"
},
{
"name": "1041597",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id/1041597"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/Tendrl/api/pull/422"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1127"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Red Hat Gluster Storage",
"vendor": "Red Hat",
"versions": [
{
"status": "affected",
"version": "3.4.0"
}
]
}
],
"datePublic": "2018-05-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and authenticate as the target user."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-613",
"description": "CWE-613",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-09-12T09:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "RHSA-2018:2616",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2616"
},
{
"name": "1041597",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id/1041597"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/Tendrl/api/pull/422"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1127"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-1127",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Red Hat Gluster Storage",
"version": {
"version_data": [
{
"version_value": "3.4.0"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and authenticate as the target user."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.2/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-613"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2616",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2616"
},
{
"name": "1041597",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041597"
},
{
"name": "https://github.com/Tendrl/api/pull/422",
"refsource": "CONFIRM",
"url": "https://github.com/Tendrl/api/pull/422"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1127",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1127"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2018-1127",
"datePublished": "2018-09-11T15:00:00",
"dateReserved": "2017-12-04T00:00:00",
"dateUpdated": "2024-08-05T03:51:48.782Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2018-1127\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2018-09-11T15:29:00.593\",\"lastModified\":\"2024-11-21T03:59:14.433\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and authenticate as the target user.\"},{\"lang\":\"es\",\"value\":\"Tendrl API en Red Hat Gluster Storage en versiones anteriores a la 3.4.0 no elimina inmediatamente los tokens de sesi\u00f3n una vez el usuario ha cerrado sesi\u00f3n. Los tokens de sesi\u00f3n siguen activos durante unos pocos minutos, lo que permite que los atacantes reproduzcan los tokens adquiridos mediante ataques de rastreo o Man-in-the-Middle (MitM) y autentic\u00e1ndose como el usuario objetivo.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N\",\"baseScore\":4.2,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.6,\"impactScore\":2.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-613\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-384\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:redhat:gluster_storage:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"3.4\",\"matchCriteriaId\":\"E591E3BF-E10E-4502-9E50-58316A6588C3\"}]}]}],\"references\":[{\"url\":\"http://www.securitytracker.com/id/1041597\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2616\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1127\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/Tendrl/api/pull/422\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"http://www.securitytracker.com/id/1041597\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://access.redhat.com/errata/RHSA-2018:2616\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1127\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/Tendrl/api/pull/422\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
}
}
rhsa-2018:2616
Vulnerability from csaf_redhat
Published
2018-09-05 23:49
Modified
2025-09-26 05:02
Summary
Red Hat Security Advisory: RHGS WA security, bug fix, and enhancement update
Notes
Topic
Updated Red Hat Gluster Storage Wed Administration packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Gluster Storage 3.4 on Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Gluster Storage Web Administration includes a fully automated setup based on Ansible and provides deep metrics and insights into active Gluster storage pools by using the Grafana platform. Red Hat Gluster Storage Web Administration provides a dashboard view which allows an administrator to get a view of overall gluster health in terms of hosts, volumes, bricks, and other components of GlusterFS.
Security Fix(es):
* tendrl-api: Improper cleanup of session token can allow attackers to hijack user sessions (CVE-2018-1127)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
This issue was discovered by Filip Balák (Red Hat).
Additional Changes:
These updated Red Hat Gluster Storage Wed Administration packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Gluster Storage 3.4 Release Notes for information on the most significant of these changes:
https://access.redhat.com/site/documentation/en-US/red_hat_gluster_storage/
3.4/html/3.4_release_notes/
All users of Red Hat Gluster Storage are advised to upgrade to these
updated packages, which provide numerous bug fixes and enhancements.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Red Hat Gluster Storage Wed Administration packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Gluster Storage 3.4 on Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Gluster Storage Web Administration includes a fully automated setup based on Ansible and provides deep metrics and insights into active Gluster storage pools by using the Grafana platform. Red Hat Gluster Storage Web Administration provides a dashboard view which allows an administrator to get a view of overall gluster health in terms of hosts, volumes, bricks, and other components of GlusterFS.\n\nSecurity Fix(es):\n\n* tendrl-api: Improper cleanup of session token can allow attackers to hijack user sessions (CVE-2018-1127)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nThis issue was discovered by Filip Bal\u00e1k (Red Hat).\n\nAdditional Changes:\n\nThese updated Red Hat Gluster Storage Wed Administration packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Gluster Storage 3.4 Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/site/documentation/en-US/red_hat_gluster_storage/\n3.4/html/3.4_release_notes/\n\nAll users of Red Hat Gluster Storage are advised to upgrade to these\nupdated packages, which provide numerous bug fixes and enhancements.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:2616",
"url": "https://access.redhat.com/errata/RHSA-2018:2616"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/documentation/en-US/red_hat_gluster_storage/",
"url": "https://access.redhat.com/site/documentation/en-US/red_hat_gluster_storage/"
},
{
"category": "external",
"summary": "1502012",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502012"
},
{
"category": "external",
"summary": "1506123",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506123"
},
{
"category": "external",
"summary": "1511993",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1511993"
},
{
"category": "external",
"summary": "1512091",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1512091"
},
{
"category": "external",
"summary": "1512696",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1512696"
},
{
"category": "external",
"summary": "1512937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1512937"
},
{
"category": "external",
"summary": "1513361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1513361"
},
{
"category": "external",
"summary": "1513993",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1513993"
},
{
"category": "external",
"summary": "1514171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1514171"
},
{
"category": "external",
"summary": "1514442",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1514442"
},
{
"category": "external",
"summary": "1515213",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515213"
},
{
"category": "external",
"summary": "1515252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515252"
},
{
"category": "external",
"summary": "1515660",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515660"
},
{
"category": "external",
"summary": "1516135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1516135"
},
{
"category": "external",
"summary": "1516417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1516417"
},
{
"category": "external",
"summary": "1517077",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517077"
},
{
"category": "external",
"summary": "1517132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517132"
},
{
"category": "external",
"summary": "1517215",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517215"
},
{
"category": "external",
"summary": "1517246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517246"
},
{
"category": "external",
"summary": "1517270",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517270"
},
{
"category": "external",
"summary": "1517422",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517422"
},
{
"category": "external",
"summary": "1518276",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1518276"
},
{
"category": "external",
"summary": "1518516",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1518516"
},
{
"category": "external",
"summary": "1518525",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1518525"
},
{
"category": "external",
"summary": "1518610",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1518610"
},
{
"category": "external",
"summary": "1518678",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1518678"
},
{
"category": "external",
"summary": "1518736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1518736"
},
{
"category": "external",
"summary": "1519158",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519158"
},
{
"category": "external",
"summary": "1519178",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519178"
},
{
"category": "external",
"summary": "1519188",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519188"
},
{
"category": "external",
"summary": "1519201",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519201"
},
{
"category": "external",
"summary": "1519218",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519218"
},
{
"category": "external",
"summary": "1519724",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519724"
},
{
"category": "external",
"summary": "1519750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519750"
},
{
"category": "external",
"summary": "1520886",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1520886"
},
{
"category": "external",
"summary": "1525376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525376"
},
{
"category": "external",
"summary": "1526338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1526338"
},
{
"category": "external",
"summary": "1526375",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1526375"
},
{
"category": "external",
"summary": "1531133",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531133"
},
{
"category": "external",
"summary": "1531139",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531139"
},
{
"category": "external",
"summary": "1536354",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1536354"
},
{
"category": "external",
"summary": "1538248",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538248"
},
{
"category": "external",
"summary": "1542914",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542914"
},
{
"category": "external",
"summary": "1546957",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546957"
},
{
"category": "external",
"summary": "1549146",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549146"
},
{
"category": "external",
"summary": "1555455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1555455"
},
{
"category": "external",
"summary": "1558431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558431"
},
{
"category": "external",
"summary": "1559362",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559362"
},
{
"category": "external",
"summary": "1559364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559364"
},
{
"category": "external",
"summary": "1559365",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559365"
},
{
"category": "external",
"summary": "1559368",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559368"
},
{
"category": "external",
"summary": "1559373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559373"
},
{
"category": "external",
"summary": "1559379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559379"
},
{
"category": "external",
"summary": "1559387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559387"
},
{
"category": "external",
"summary": "1559390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559390"
},
{
"category": "external",
"summary": "1559396",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559396"
},
{
"category": "external",
"summary": "1559399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559399"
},
{
"category": "external",
"summary": "1559401",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559401"
},
{
"category": "external",
"summary": "1559402",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559402"
},
{
"category": "external",
"summary": "1559405",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559405"
},
{
"category": "external",
"summary": "1559415",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559415"
},
{
"category": "external",
"summary": "1559416",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559416"
},
{
"category": "external",
"summary": "1559417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559417"
},
{
"category": "external",
"summary": "1559421",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559421"
},
{
"category": "external",
"summary": "1559426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559426"
},
{
"category": "external",
"summary": "1559432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559432"
},
{
"category": "external",
"summary": "1559433",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559433"
},
{
"category": "external",
"summary": "1559436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559436"
},
{
"category": "external",
"summary": "1559486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559486"
},
{
"category": "external",
"summary": "1559507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559507"
},
{
"category": "external",
"summary": "1559690",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559690"
},
{
"category": "external",
"summary": "1559792",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559792"
},
{
"category": "external",
"summary": "1559901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559901"
},
{
"category": "external",
"summary": "1560492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560492"
},
{
"category": "external",
"summary": "1560879",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560879"
},
{
"category": "external",
"summary": "1561374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561374"
},
{
"category": "external",
"summary": "1561428",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561428"
},
{
"category": "external",
"summary": "1561468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561468"
},
{
"category": "external",
"summary": "1563519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563519"
},
{
"category": "external",
"summary": "1563648",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563648"
},
{
"category": "external",
"summary": "1564107",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564107"
},
{
"category": "external",
"summary": "1564175",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564175"
},
{
"category": "external",
"summary": "1564423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564423"
},
{
"category": "external",
"summary": "1564510",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564510"
},
{
"category": "external",
"summary": "1565479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565479"
},
{
"category": "external",
"summary": "1565898",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565898"
},
{
"category": "external",
"summary": "1570048",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570048"
},
{
"category": "external",
"summary": "1570564",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570564"
},
{
"category": "external",
"summary": "1570616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570616"
},
{
"category": "external",
"summary": "1571235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571235"
},
{
"category": "external",
"summary": "1571244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571244"
},
{
"category": "external",
"summary": "1571245",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571245"
},
{
"category": "external",
"summary": "1571280",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571280"
},
{
"category": "external",
"summary": "1571318",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571318"
},
{
"category": "external",
"summary": "1571325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571325"
},
{
"category": "external",
"summary": "1571755",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571755"
},
{
"category": "external",
"summary": "1571809",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571809"
},
{
"category": "external",
"summary": "1572052",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572052"
},
{
"category": "external",
"summary": "1572090",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572090"
},
{
"category": "external",
"summary": "1572118",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572118"
},
{
"category": "external",
"summary": "1572151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572151"
},
{
"category": "external",
"summary": "1572216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572216"
},
{
"category": "external",
"summary": "1573079",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573079"
},
{
"category": "external",
"summary": "1573110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573110"
},
{
"category": "external",
"summary": "1573481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573481"
},
{
"category": "external",
"summary": "1573928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573928"
},
{
"category": "external",
"summary": "1573950",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573950"
},
{
"category": "external",
"summary": "1574938",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1574938"
},
{
"category": "external",
"summary": "1574942",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1574942"
},
{
"category": "external",
"summary": "1575040",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575040"
},
{
"category": "external",
"summary": "1575835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575835"
},
{
"category": "external",
"summary": "1575891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575891"
},
{
"category": "external",
"summary": "1576794",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576794"
},
{
"category": "external",
"summary": "1576829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576829"
},
{
"category": "external",
"summary": "1576848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576848"
},
{
"category": "external",
"summary": "1578009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578009"
},
{
"category": "external",
"summary": "1578329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578329"
},
{
"category": "external",
"summary": "1578333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578333"
},
{
"category": "external",
"summary": "1578885",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578885"
},
{
"category": "external",
"summary": "1579148",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579148"
},
{
"category": "external",
"summary": "1579150",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579150"
},
{
"category": "external",
"summary": "1579152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579152"
},
{
"category": "external",
"summary": "1579516",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579516"
},
{
"category": "external",
"summary": "1579937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579937"
},
{
"category": "external",
"summary": "1580385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1580385"
},
{
"category": "external",
"summary": "1580509",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1580509"
},
{
"category": "external",
"summary": "1581212",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1581212"
},
{
"category": "external",
"summary": "1581718",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1581718"
},
{
"category": "external",
"summary": "1581736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1581736"
},
{
"category": "external",
"summary": "1581789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1581789"
},
{
"category": "external",
"summary": "1582465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1582465"
},
{
"category": "external",
"summary": "1583171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1583171"
},
{
"category": "external",
"summary": "1584095",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1584095"
},
{
"category": "external",
"summary": "1584660",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1584660"
},
{
"category": "external",
"summary": "1585116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1585116"
},
{
"category": "external",
"summary": "1585715",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1585715"
},
{
"category": "external",
"summary": "1586074",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1586074"
},
{
"category": "external",
"summary": "1588357",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588357"
},
{
"category": "external",
"summary": "1588440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588440"
},
{
"category": "external",
"summary": "1588650",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588650"
},
{
"category": "external",
"summary": "1590405",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1590405"
},
{
"category": "external",
"summary": "1592464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1592464"
},
{
"category": "external",
"summary": "1592487",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1592487"
},
{
"category": "external",
"summary": "1592991",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1592991"
},
{
"category": "external",
"summary": "1592992",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1592992"
},
{
"category": "external",
"summary": "1593640",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593640"
},
{
"category": "external",
"summary": "1593852",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593852"
},
{
"category": "external",
"summary": "1593912",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593912"
},
{
"category": "external",
"summary": "1594762",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594762"
},
{
"category": "external",
"summary": "1594862",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594862"
},
{
"category": "external",
"summary": "1594899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594899"
},
{
"category": "external",
"summary": "1594994",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594994"
},
{
"category": "external",
"summary": "1595005",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595005"
},
{
"category": "external",
"summary": "1595013",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595013"
},
{
"category": "external",
"summary": "1595015",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595015"
},
{
"category": "external",
"summary": "1595016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595016"
},
{
"category": "external",
"summary": "1595052",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595052"
},
{
"category": "external",
"summary": "1595295",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595295"
},
{
"category": "external",
"summary": "1596655",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596655"
},
{
"category": "external",
"summary": "1596820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596820"
},
{
"category": "external",
"summary": "1596862",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596862"
},
{
"category": "external",
"summary": "1597235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1597235"
},
{
"category": "external",
"summary": "1599634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599634"
},
{
"category": "external",
"summary": "1599985",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599985"
},
{
"category": "external",
"summary": "1599987",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599987"
},
{
"category": "external",
"summary": "1600092",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1600092"
},
{
"category": "external",
"summary": "1600113",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1600113"
},
{
"category": "external",
"summary": "1603175",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1603175"
},
{
"category": "external",
"summary": "1610266",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1610266"
},
{
"category": "external",
"summary": "1611601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1611601"
},
{
"category": "external",
"summary": "1616208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616208"
},
{
"category": "external",
"summary": "1616215",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616215"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2616.json"
}
],
"title": "Red Hat Security Advisory: RHGS WA security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2025-09-26T05:02:37+00:00",
"generator": {
"date": "2025-09-26T05:02:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.8"
}
},
"id": "RHSA-2018:2616",
"initial_release_date": "2018-09-05T23:49:45+00:00",
"revision_history": [
{
"date": "2018-09-05T23:49:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-09-05T23:49:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-26T05:02:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product": {
"name": "Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:storage:3.4:wa:el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product": {
"name": "Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-NodeAgent",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:storage:3.4:na:el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Gluster Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "python-flask-doc-1:0.10.1-5.el7rhgs.noarch",
"product": {
"name": "python-flask-doc-1:0.10.1-5.el7rhgs.noarch",
"product_id": "python-flask-doc-1:0.10.1-5.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-flask-doc@0.10.1-5.el7rhgs?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "python-flask-1:0.10.1-5.el7rhgs.noarch",
"product": {
"name": "python-flask-1:0.10.1-5.el7rhgs.noarch",
"product_id": "python-flask-1:0.10.1-5.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-flask@0.10.1-5.el7rhgs?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "python-itsdangerous-0:0.23-2.el7.noarch",
"product": {
"name": "python-itsdangerous-0:0.23-2.el7.noarch",
"product_id": "python-itsdangerous-0:0.23-2.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-itsdangerous@0.23-2.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-notifier-0:1.6.3-4.el7rhgs.noarch",
"product": {
"name": "tendrl-notifier-0:1.6.3-4.el7rhgs.noarch",
"product_id": "tendrl-notifier-0:1.6.3-4.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-notifier@1.6.3-4.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-api-httpd-0:1.6.3-5.el7rhgs.noarch",
"product": {
"name": "tendrl-api-httpd-0:1.6.3-5.el7rhgs.noarch",
"product_id": "tendrl-api-httpd-0:1.6.3-5.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-api-httpd@1.6.3-5.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-api-0:1.6.3-5.el7rhgs.noarch",
"product": {
"name": "tendrl-api-0:1.6.3-5.el7rhgs.noarch",
"product_id": "tendrl-api-0:1.6.3-5.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-api@1.6.3-5.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch",
"product": {
"name": "tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch",
"product_id": "tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-node-agent@1.6.3-10.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-commons-0:1.6.3-12.el7rhgs.noarch",
"product": {
"name": "tendrl-commons-0:1.6.3-12.el7rhgs.noarch",
"product_id": "tendrl-commons-0:1.6.3-12.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-commons@1.6.3-12.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-ansible-0:1.6.3-7.el7rhgs.noarch",
"product": {
"name": "tendrl-ansible-0:1.6.3-7.el7rhgs.noarch",
"product_id": "tendrl-ansible-0:1.6.3-7.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-ansible@1.6.3-7.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-ui-0:1.6.3-11.el7rhgs.noarch",
"product": {
"name": "tendrl-ui-0:1.6.3-11.el7rhgs.noarch",
"product_id": "tendrl-ui-0:1.6.3-11.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-ui@1.6.3-11.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-gluster-integration-0:1.6.3-10.el7rhgs.noarch",
"product": {
"name": "tendrl-gluster-integration-0:1.6.3-10.el7rhgs.noarch",
"product_id": "tendrl-gluster-integration-0:1.6.3-10.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-gluster-integration@1.6.3-10.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-grafana-plugins-0:1.6.3-11.el7rhgs.noarch",
"product": {
"name": "tendrl-grafana-plugins-0:1.6.3-11.el7rhgs.noarch",
"product_id": "tendrl-grafana-plugins-0:1.6.3-11.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-grafana-plugins@1.6.3-11.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.noarch",
"product": {
"name": "tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.noarch",
"product_id": "tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-monitoring-integration@1.6.3-11.el7rhgs?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "python-flask-1:0.10.1-5.el7rhgs.src",
"product": {
"name": "python-flask-1:0.10.1-5.el7rhgs.src",
"product_id": "python-flask-1:0.10.1-5.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-flask@0.10.1-5.el7rhgs?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "python-itsdangerous-0:0.23-2.el7.src",
"product": {
"name": "python-itsdangerous-0:0.23-2.el7.src",
"product_id": "python-itsdangerous-0:0.23-2.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-itsdangerous@0.23-2.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "tendrl-notifier-0:1.6.3-4.el7rhgs.src",
"product": {
"name": "tendrl-notifier-0:1.6.3-4.el7rhgs.src",
"product_id": "tendrl-notifier-0:1.6.3-4.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-notifier@1.6.3-4.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "tendrl-api-0:1.6.3-5.el7rhgs.src",
"product": {
"name": "tendrl-api-0:1.6.3-5.el7rhgs.src",
"product_id": "tendrl-api-0:1.6.3-5.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-api@1.6.3-5.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "tendrl-node-agent-0:1.6.3-10.el7rhgs.src",
"product": {
"name": "tendrl-node-agent-0:1.6.3-10.el7rhgs.src",
"product_id": "tendrl-node-agent-0:1.6.3-10.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-node-agent@1.6.3-10.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "tendrl-commons-0:1.6.3-12.el7rhgs.src",
"product": {
"name": "tendrl-commons-0:1.6.3-12.el7rhgs.src",
"product_id": "tendrl-commons-0:1.6.3-12.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-commons@1.6.3-12.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "tendrl-ansible-0:1.6.3-7.el7rhgs.src",
"product": {
"name": "tendrl-ansible-0:1.6.3-7.el7rhgs.src",
"product_id": "tendrl-ansible-0:1.6.3-7.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-ansible@1.6.3-7.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "tendrl-ui-0:1.6.3-11.el7rhgs.src",
"product": {
"name": "tendrl-ui-0:1.6.3-11.el7rhgs.src",
"product_id": "tendrl-ui-0:1.6.3-11.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-ui@1.6.3-11.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "tendrl-gluster-integration-0:1.6.3-10.el7rhgs.src",
"product": {
"name": "tendrl-gluster-integration-0:1.6.3-10.el7rhgs.src",
"product_id": "tendrl-gluster-integration-0:1.6.3-10.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-gluster-integration@1.6.3-10.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.src",
"product": {
"name": "tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.src",
"product_id": "tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-monitoring-integration@1.6.3-11.el7rhgs?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-commons-0:1.6.3-12.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-NodeAgent:tendrl-commons-0:1.6.3-12.el7rhgs.noarch"
},
"product_reference": "tendrl-commons-0:1.6.3-12.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-NodeAgent"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-commons-0:1.6.3-12.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-NodeAgent:tendrl-commons-0:1.6.3-12.el7rhgs.src"
},
"product_reference": "tendrl-commons-0:1.6.3-12.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-NodeAgent"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-gluster-integration-0:1.6.3-10.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-10.el7rhgs.noarch"
},
"product_reference": "tendrl-gluster-integration-0:1.6.3-10.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-NodeAgent"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-gluster-integration-0:1.6.3-10.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-10.el7rhgs.src"
},
"product_reference": "tendrl-gluster-integration-0:1.6.3-10.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-NodeAgent"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch"
},
"product_reference": "tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-NodeAgent"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-node-agent-0:1.6.3-10.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-10.el7rhgs.src"
},
"product_reference": "tendrl-node-agent-0:1.6.3-10.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-NodeAgent"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-flask-1:0.10.1-5.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:python-flask-1:0.10.1-5.el7rhgs.noarch"
},
"product_reference": "python-flask-1:0.10.1-5.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-flask-1:0.10.1-5.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:python-flask-1:0.10.1-5.el7rhgs.src"
},
"product_reference": "python-flask-1:0.10.1-5.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-flask-doc-1:0.10.1-5.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:python-flask-doc-1:0.10.1-5.el7rhgs.noarch"
},
"product_reference": "python-flask-doc-1:0.10.1-5.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-itsdangerous-0:0.23-2.el7.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:python-itsdangerous-0:0.23-2.el7.noarch"
},
"product_reference": "python-itsdangerous-0:0.23-2.el7.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-itsdangerous-0:0.23-2.el7.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:python-itsdangerous-0:0.23-2.el7.src"
},
"product_reference": "python-itsdangerous-0:0.23-2.el7.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-ansible-0:1.6.3-7.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-7.el7rhgs.noarch"
},
"product_reference": "tendrl-ansible-0:1.6.3-7.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-ansible-0:1.6.3-7.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-7.el7rhgs.src"
},
"product_reference": "tendrl-ansible-0:1.6.3-7.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-api-0:1.6.3-5.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-5.el7rhgs.noarch"
},
"product_reference": "tendrl-api-0:1.6.3-5.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-api-0:1.6.3-5.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-5.el7rhgs.src"
},
"product_reference": "tendrl-api-0:1.6.3-5.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-api-httpd-0:1.6.3-5.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-httpd-0:1.6.3-5.el7rhgs.noarch"
},
"product_reference": "tendrl-api-httpd-0:1.6.3-5.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-commons-0:1.6.3-12.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-commons-0:1.6.3-12.el7rhgs.noarch"
},
"product_reference": "tendrl-commons-0:1.6.3-12.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-commons-0:1.6.3-12.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-commons-0:1.6.3-12.el7rhgs.src"
},
"product_reference": "tendrl-commons-0:1.6.3-12.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-grafana-plugins-0:1.6.3-11.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-grafana-plugins-0:1.6.3-11.el7rhgs.noarch"
},
"product_reference": "tendrl-grafana-plugins-0:1.6.3-11.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.noarch"
},
"product_reference": "tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.src"
},
"product_reference": "tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch"
},
"product_reference": "tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-node-agent-0:1.6.3-10.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-10.el7rhgs.src"
},
"product_reference": "tendrl-node-agent-0:1.6.3-10.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-notifier-0:1.6.3-4.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-notifier-0:1.6.3-4.el7rhgs.noarch"
},
"product_reference": "tendrl-notifier-0:1.6.3-4.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-notifier-0:1.6.3-4.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-notifier-0:1.6.3-4.el7rhgs.src"
},
"product_reference": "tendrl-notifier-0:1.6.3-4.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-ui-0:1.6.3-11.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-11.el7rhgs.noarch"
},
"product_reference": "tendrl-ui-0:1.6.3-11.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-ui-0:1.6.3-11.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-11.el7rhgs.src"
},
"product_reference": "tendrl-ui-0:1.6.3-11.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Filip Bal\u00e1k"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2018-1127",
"cwe": {
"id": "CWE-613",
"name": "Insufficient Session Expiration"
},
"discovery_date": "2018-05-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1575835"
}
],
"notes": [
{
"category": "description",
"text": "Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and authenticate as the target user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tendrl-api: Improper cleanup of session token can allow attackers to hijack user sessions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-commons-0:1.6.3-12.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-commons-0:1.6.3-12.el7rhgs.src",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-10.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-10.el7rhgs.src",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-10.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:python-flask-1:0.10.1-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:python-flask-1:0.10.1-5.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:python-flask-doc-1:0.10.1-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:python-itsdangerous-0:0.23-2.el7.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:python-itsdangerous-0:0.23-2.el7.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-7.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-7.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-5.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-httpd-0:1.6.3-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-commons-0:1.6.3-12.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-commons-0:1.6.3-12.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-grafana-plugins-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-10.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-notifier-0:1.6.3-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-notifier-0:1.6.3-4.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-11.el7rhgs.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1127"
},
{
"category": "external",
"summary": "RHBZ#1575835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575835"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1127",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1127"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1127",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1127"
}
],
"release_date": "2018-05-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-09-05T23:49:45+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-commons-0:1.6.3-12.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-commons-0:1.6.3-12.el7rhgs.src",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-10.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-10.el7rhgs.src",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-10.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:python-flask-1:0.10.1-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:python-flask-1:0.10.1-5.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:python-flask-doc-1:0.10.1-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:python-itsdangerous-0:0.23-2.el7.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:python-itsdangerous-0:0.23-2.el7.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-7.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-7.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-5.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-httpd-0:1.6.3-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-commons-0:1.6.3-12.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-commons-0:1.6.3-12.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-grafana-plugins-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-10.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-notifier-0:1.6.3-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-notifier-0:1.6.3-4.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-11.el7rhgs.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2616"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-commons-0:1.6.3-12.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-commons-0:1.6.3-12.el7rhgs.src",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-10.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-10.el7rhgs.src",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-10.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:python-flask-1:0.10.1-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:python-flask-1:0.10.1-5.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:python-flask-doc-1:0.10.1-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:python-itsdangerous-0:0.23-2.el7.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:python-itsdangerous-0:0.23-2.el7.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-7.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-7.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-5.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-httpd-0:1.6.3-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-commons-0:1.6.3-12.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-commons-0:1.6.3-12.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-grafana-plugins-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-10.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-notifier-0:1.6.3-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-notifier-0:1.6.3-4.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-11.el7rhgs.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tendrl-api: Improper cleanup of session token can allow attackers to hijack user sessions"
}
]
}
rhsa-2018_2616
Vulnerability from csaf_redhat
Published
2018-09-05 23:49
Modified
2024-11-15 00:34
Summary
Red Hat Security Advisory: RHGS WA security, bug fix, and enhancement update
Notes
Topic
Updated Red Hat Gluster Storage Wed Administration packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Gluster Storage 3.4 on Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Gluster Storage Web Administration includes a fully automated setup based on Ansible and provides deep metrics and insights into active Gluster storage pools by using the Grafana platform. Red Hat Gluster Storage Web Administration provides a dashboard view which allows an administrator to get a view of overall gluster health in terms of hosts, volumes, bricks, and other components of GlusterFS.
Security Fix(es):
* tendrl-api: Improper cleanup of session token can allow attackers to hijack user sessions (CVE-2018-1127)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
This issue was discovered by Filip Balák (Red Hat).
Additional Changes:
These updated Red Hat Gluster Storage Wed Administration packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Gluster Storage 3.4 Release Notes for information on the most significant of these changes:
https://access.redhat.com/site/documentation/en-US/red_hat_gluster_storage/
3.4/html/3.4_release_notes/
All users of Red Hat Gluster Storage are advised to upgrade to these
updated packages, which provide numerous bug fixes and enhancements.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Red Hat Gluster Storage Wed Administration packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Gluster Storage 3.4 on Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Gluster Storage Web Administration includes a fully automated setup based on Ansible and provides deep metrics and insights into active Gluster storage pools by using the Grafana platform. Red Hat Gluster Storage Web Administration provides a dashboard view which allows an administrator to get a view of overall gluster health in terms of hosts, volumes, bricks, and other components of GlusterFS.\n\nSecurity Fix(es):\n\n* tendrl-api: Improper cleanup of session token can allow attackers to hijack user sessions (CVE-2018-1127)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nThis issue was discovered by Filip Bal\u00e1k (Red Hat).\n\nAdditional Changes:\n\nThese updated Red Hat Gluster Storage Wed Administration packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Gluster Storage 3.4 Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/site/documentation/en-US/red_hat_gluster_storage/\n3.4/html/3.4_release_notes/\n\nAll users of Red Hat Gluster Storage are advised to upgrade to these\nupdated packages, which provide numerous bug fixes and enhancements.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:2616",
"url": "https://access.redhat.com/errata/RHSA-2018:2616"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/documentation/en-US/red_hat_gluster_storage/",
"url": "https://access.redhat.com/site/documentation/en-US/red_hat_gluster_storage/"
},
{
"category": "external",
"summary": "1502012",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502012"
},
{
"category": "external",
"summary": "1506123",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506123"
},
{
"category": "external",
"summary": "1511993",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1511993"
},
{
"category": "external",
"summary": "1512091",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1512091"
},
{
"category": "external",
"summary": "1512696",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1512696"
},
{
"category": "external",
"summary": "1512937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1512937"
},
{
"category": "external",
"summary": "1513361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1513361"
},
{
"category": "external",
"summary": "1513993",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1513993"
},
{
"category": "external",
"summary": "1514171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1514171"
},
{
"category": "external",
"summary": "1514442",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1514442"
},
{
"category": "external",
"summary": "1515213",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515213"
},
{
"category": "external",
"summary": "1515252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515252"
},
{
"category": "external",
"summary": "1515660",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515660"
},
{
"category": "external",
"summary": "1516135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1516135"
},
{
"category": "external",
"summary": "1516417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1516417"
},
{
"category": "external",
"summary": "1517077",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517077"
},
{
"category": "external",
"summary": "1517132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517132"
},
{
"category": "external",
"summary": "1517215",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517215"
},
{
"category": "external",
"summary": "1517246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517246"
},
{
"category": "external",
"summary": "1517270",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517270"
},
{
"category": "external",
"summary": "1517422",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517422"
},
{
"category": "external",
"summary": "1518276",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1518276"
},
{
"category": "external",
"summary": "1518516",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1518516"
},
{
"category": "external",
"summary": "1518525",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1518525"
},
{
"category": "external",
"summary": "1518610",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1518610"
},
{
"category": "external",
"summary": "1518678",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1518678"
},
{
"category": "external",
"summary": "1518736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1518736"
},
{
"category": "external",
"summary": "1519158",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519158"
},
{
"category": "external",
"summary": "1519178",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519178"
},
{
"category": "external",
"summary": "1519188",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519188"
},
{
"category": "external",
"summary": "1519201",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519201"
},
{
"category": "external",
"summary": "1519218",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519218"
},
{
"category": "external",
"summary": "1519724",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519724"
},
{
"category": "external",
"summary": "1519750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519750"
},
{
"category": "external",
"summary": "1520886",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1520886"
},
{
"category": "external",
"summary": "1525376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525376"
},
{
"category": "external",
"summary": "1526338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1526338"
},
{
"category": "external",
"summary": "1526375",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1526375"
},
{
"category": "external",
"summary": "1531133",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531133"
},
{
"category": "external",
"summary": "1531139",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531139"
},
{
"category": "external",
"summary": "1536354",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1536354"
},
{
"category": "external",
"summary": "1538248",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538248"
},
{
"category": "external",
"summary": "1542914",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542914"
},
{
"category": "external",
"summary": "1546957",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546957"
},
{
"category": "external",
"summary": "1549146",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549146"
},
{
"category": "external",
"summary": "1555455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1555455"
},
{
"category": "external",
"summary": "1558431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558431"
},
{
"category": "external",
"summary": "1559362",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559362"
},
{
"category": "external",
"summary": "1559364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559364"
},
{
"category": "external",
"summary": "1559365",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559365"
},
{
"category": "external",
"summary": "1559368",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559368"
},
{
"category": "external",
"summary": "1559373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559373"
},
{
"category": "external",
"summary": "1559379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559379"
},
{
"category": "external",
"summary": "1559387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559387"
},
{
"category": "external",
"summary": "1559390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559390"
},
{
"category": "external",
"summary": "1559396",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559396"
},
{
"category": "external",
"summary": "1559399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559399"
},
{
"category": "external",
"summary": "1559401",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559401"
},
{
"category": "external",
"summary": "1559402",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559402"
},
{
"category": "external",
"summary": "1559405",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559405"
},
{
"category": "external",
"summary": "1559415",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559415"
},
{
"category": "external",
"summary": "1559416",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559416"
},
{
"category": "external",
"summary": "1559417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559417"
},
{
"category": "external",
"summary": "1559421",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559421"
},
{
"category": "external",
"summary": "1559426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559426"
},
{
"category": "external",
"summary": "1559432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559432"
},
{
"category": "external",
"summary": "1559433",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559433"
},
{
"category": "external",
"summary": "1559436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559436"
},
{
"category": "external",
"summary": "1559486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559486"
},
{
"category": "external",
"summary": "1559507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559507"
},
{
"category": "external",
"summary": "1559690",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559690"
},
{
"category": "external",
"summary": "1559792",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559792"
},
{
"category": "external",
"summary": "1559901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559901"
},
{
"category": "external",
"summary": "1560492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560492"
},
{
"category": "external",
"summary": "1560879",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560879"
},
{
"category": "external",
"summary": "1561374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561374"
},
{
"category": "external",
"summary": "1561428",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561428"
},
{
"category": "external",
"summary": "1561468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561468"
},
{
"category": "external",
"summary": "1563519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563519"
},
{
"category": "external",
"summary": "1563648",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563648"
},
{
"category": "external",
"summary": "1564107",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564107"
},
{
"category": "external",
"summary": "1564175",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564175"
},
{
"category": "external",
"summary": "1564423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564423"
},
{
"category": "external",
"summary": "1564510",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564510"
},
{
"category": "external",
"summary": "1565479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565479"
},
{
"category": "external",
"summary": "1565898",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565898"
},
{
"category": "external",
"summary": "1570048",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570048"
},
{
"category": "external",
"summary": "1570564",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570564"
},
{
"category": "external",
"summary": "1570616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570616"
},
{
"category": "external",
"summary": "1571235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571235"
},
{
"category": "external",
"summary": "1571244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571244"
},
{
"category": "external",
"summary": "1571245",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571245"
},
{
"category": "external",
"summary": "1571280",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571280"
},
{
"category": "external",
"summary": "1571318",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571318"
},
{
"category": "external",
"summary": "1571325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571325"
},
{
"category": "external",
"summary": "1571755",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571755"
},
{
"category": "external",
"summary": "1571809",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571809"
},
{
"category": "external",
"summary": "1572052",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572052"
},
{
"category": "external",
"summary": "1572090",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572090"
},
{
"category": "external",
"summary": "1572118",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572118"
},
{
"category": "external",
"summary": "1572151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572151"
},
{
"category": "external",
"summary": "1572216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572216"
},
{
"category": "external",
"summary": "1573079",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573079"
},
{
"category": "external",
"summary": "1573110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573110"
},
{
"category": "external",
"summary": "1573481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573481"
},
{
"category": "external",
"summary": "1573928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573928"
},
{
"category": "external",
"summary": "1573950",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573950"
},
{
"category": "external",
"summary": "1574938",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1574938"
},
{
"category": "external",
"summary": "1574942",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1574942"
},
{
"category": "external",
"summary": "1575040",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575040"
},
{
"category": "external",
"summary": "1575835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575835"
},
{
"category": "external",
"summary": "1575891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575891"
},
{
"category": "external",
"summary": "1576794",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576794"
},
{
"category": "external",
"summary": "1576829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576829"
},
{
"category": "external",
"summary": "1576848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576848"
},
{
"category": "external",
"summary": "1578009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578009"
},
{
"category": "external",
"summary": "1578329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578329"
},
{
"category": "external",
"summary": "1578333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578333"
},
{
"category": "external",
"summary": "1578885",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578885"
},
{
"category": "external",
"summary": "1579148",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579148"
},
{
"category": "external",
"summary": "1579150",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579150"
},
{
"category": "external",
"summary": "1579152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579152"
},
{
"category": "external",
"summary": "1579516",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579516"
},
{
"category": "external",
"summary": "1579937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579937"
},
{
"category": "external",
"summary": "1580385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1580385"
},
{
"category": "external",
"summary": "1580509",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1580509"
},
{
"category": "external",
"summary": "1581212",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1581212"
},
{
"category": "external",
"summary": "1581718",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1581718"
},
{
"category": "external",
"summary": "1581736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1581736"
},
{
"category": "external",
"summary": "1581789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1581789"
},
{
"category": "external",
"summary": "1582465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1582465"
},
{
"category": "external",
"summary": "1583171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1583171"
},
{
"category": "external",
"summary": "1584095",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1584095"
},
{
"category": "external",
"summary": "1584660",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1584660"
},
{
"category": "external",
"summary": "1585116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1585116"
},
{
"category": "external",
"summary": "1585715",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1585715"
},
{
"category": "external",
"summary": "1586074",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1586074"
},
{
"category": "external",
"summary": "1588357",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588357"
},
{
"category": "external",
"summary": "1588440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588440"
},
{
"category": "external",
"summary": "1588650",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588650"
},
{
"category": "external",
"summary": "1590405",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1590405"
},
{
"category": "external",
"summary": "1592464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1592464"
},
{
"category": "external",
"summary": "1592487",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1592487"
},
{
"category": "external",
"summary": "1592991",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1592991"
},
{
"category": "external",
"summary": "1592992",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1592992"
},
{
"category": "external",
"summary": "1593640",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593640"
},
{
"category": "external",
"summary": "1593852",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593852"
},
{
"category": "external",
"summary": "1593912",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593912"
},
{
"category": "external",
"summary": "1594762",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594762"
},
{
"category": "external",
"summary": "1594862",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594862"
},
{
"category": "external",
"summary": "1594899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594899"
},
{
"category": "external",
"summary": "1594994",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594994"
},
{
"category": "external",
"summary": "1595005",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595005"
},
{
"category": "external",
"summary": "1595013",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595013"
},
{
"category": "external",
"summary": "1595015",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595015"
},
{
"category": "external",
"summary": "1595016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595016"
},
{
"category": "external",
"summary": "1595052",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595052"
},
{
"category": "external",
"summary": "1595295",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595295"
},
{
"category": "external",
"summary": "1596655",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596655"
},
{
"category": "external",
"summary": "1596820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596820"
},
{
"category": "external",
"summary": "1596862",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596862"
},
{
"category": "external",
"summary": "1597235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1597235"
},
{
"category": "external",
"summary": "1599634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599634"
},
{
"category": "external",
"summary": "1599985",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599985"
},
{
"category": "external",
"summary": "1599987",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599987"
},
{
"category": "external",
"summary": "1600092",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1600092"
},
{
"category": "external",
"summary": "1600113",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1600113"
},
{
"category": "external",
"summary": "1603175",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1603175"
},
{
"category": "external",
"summary": "1610266",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1610266"
},
{
"category": "external",
"summary": "1611601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1611601"
},
{
"category": "external",
"summary": "1616208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616208"
},
{
"category": "external",
"summary": "1616215",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616215"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2616.json"
}
],
"title": "Red Hat Security Advisory: RHGS WA security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2024-11-15T00:34:22+00:00",
"generator": {
"date": "2024-11-15T00:34:22+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2018:2616",
"initial_release_date": "2018-09-05T23:49:45+00:00",
"revision_history": [
{
"date": "2018-09-05T23:49:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-09-05T23:49:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-15T00:34:22+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product": {
"name": "Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:storage:3.4:wa:el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product": {
"name": "Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-NodeAgent",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:storage:3.4:na:el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Gluster Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "python-flask-doc-1:0.10.1-5.el7rhgs.noarch",
"product": {
"name": "python-flask-doc-1:0.10.1-5.el7rhgs.noarch",
"product_id": "python-flask-doc-1:0.10.1-5.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-flask-doc@0.10.1-5.el7rhgs?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "python-flask-1:0.10.1-5.el7rhgs.noarch",
"product": {
"name": "python-flask-1:0.10.1-5.el7rhgs.noarch",
"product_id": "python-flask-1:0.10.1-5.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-flask@0.10.1-5.el7rhgs?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "python-itsdangerous-0:0.23-2.el7.noarch",
"product": {
"name": "python-itsdangerous-0:0.23-2.el7.noarch",
"product_id": "python-itsdangerous-0:0.23-2.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-itsdangerous@0.23-2.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-notifier-0:1.6.3-4.el7rhgs.noarch",
"product": {
"name": "tendrl-notifier-0:1.6.3-4.el7rhgs.noarch",
"product_id": "tendrl-notifier-0:1.6.3-4.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-notifier@1.6.3-4.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-api-httpd-0:1.6.3-5.el7rhgs.noarch",
"product": {
"name": "tendrl-api-httpd-0:1.6.3-5.el7rhgs.noarch",
"product_id": "tendrl-api-httpd-0:1.6.3-5.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-api-httpd@1.6.3-5.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-api-0:1.6.3-5.el7rhgs.noarch",
"product": {
"name": "tendrl-api-0:1.6.3-5.el7rhgs.noarch",
"product_id": "tendrl-api-0:1.6.3-5.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-api@1.6.3-5.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch",
"product": {
"name": "tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch",
"product_id": "tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-node-agent@1.6.3-10.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-commons-0:1.6.3-12.el7rhgs.noarch",
"product": {
"name": "tendrl-commons-0:1.6.3-12.el7rhgs.noarch",
"product_id": "tendrl-commons-0:1.6.3-12.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-commons@1.6.3-12.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-ansible-0:1.6.3-7.el7rhgs.noarch",
"product": {
"name": "tendrl-ansible-0:1.6.3-7.el7rhgs.noarch",
"product_id": "tendrl-ansible-0:1.6.3-7.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-ansible@1.6.3-7.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-ui-0:1.6.3-11.el7rhgs.noarch",
"product": {
"name": "tendrl-ui-0:1.6.3-11.el7rhgs.noarch",
"product_id": "tendrl-ui-0:1.6.3-11.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-ui@1.6.3-11.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-gluster-integration-0:1.6.3-10.el7rhgs.noarch",
"product": {
"name": "tendrl-gluster-integration-0:1.6.3-10.el7rhgs.noarch",
"product_id": "tendrl-gluster-integration-0:1.6.3-10.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-gluster-integration@1.6.3-10.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-grafana-plugins-0:1.6.3-11.el7rhgs.noarch",
"product": {
"name": "tendrl-grafana-plugins-0:1.6.3-11.el7rhgs.noarch",
"product_id": "tendrl-grafana-plugins-0:1.6.3-11.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-grafana-plugins@1.6.3-11.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.noarch",
"product": {
"name": "tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.noarch",
"product_id": "tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-monitoring-integration@1.6.3-11.el7rhgs?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "python-flask-1:0.10.1-5.el7rhgs.src",
"product": {
"name": "python-flask-1:0.10.1-5.el7rhgs.src",
"product_id": "python-flask-1:0.10.1-5.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-flask@0.10.1-5.el7rhgs?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "python-itsdangerous-0:0.23-2.el7.src",
"product": {
"name": "python-itsdangerous-0:0.23-2.el7.src",
"product_id": "python-itsdangerous-0:0.23-2.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-itsdangerous@0.23-2.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "tendrl-notifier-0:1.6.3-4.el7rhgs.src",
"product": {
"name": "tendrl-notifier-0:1.6.3-4.el7rhgs.src",
"product_id": "tendrl-notifier-0:1.6.3-4.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-notifier@1.6.3-4.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "tendrl-api-0:1.6.3-5.el7rhgs.src",
"product": {
"name": "tendrl-api-0:1.6.3-5.el7rhgs.src",
"product_id": "tendrl-api-0:1.6.3-5.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-api@1.6.3-5.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "tendrl-node-agent-0:1.6.3-10.el7rhgs.src",
"product": {
"name": "tendrl-node-agent-0:1.6.3-10.el7rhgs.src",
"product_id": "tendrl-node-agent-0:1.6.3-10.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-node-agent@1.6.3-10.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "tendrl-commons-0:1.6.3-12.el7rhgs.src",
"product": {
"name": "tendrl-commons-0:1.6.3-12.el7rhgs.src",
"product_id": "tendrl-commons-0:1.6.3-12.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-commons@1.6.3-12.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "tendrl-ansible-0:1.6.3-7.el7rhgs.src",
"product": {
"name": "tendrl-ansible-0:1.6.3-7.el7rhgs.src",
"product_id": "tendrl-ansible-0:1.6.3-7.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-ansible@1.6.3-7.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "tendrl-ui-0:1.6.3-11.el7rhgs.src",
"product": {
"name": "tendrl-ui-0:1.6.3-11.el7rhgs.src",
"product_id": "tendrl-ui-0:1.6.3-11.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-ui@1.6.3-11.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "tendrl-gluster-integration-0:1.6.3-10.el7rhgs.src",
"product": {
"name": "tendrl-gluster-integration-0:1.6.3-10.el7rhgs.src",
"product_id": "tendrl-gluster-integration-0:1.6.3-10.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-gluster-integration@1.6.3-10.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.src",
"product": {
"name": "tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.src",
"product_id": "tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-monitoring-integration@1.6.3-11.el7rhgs?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-commons-0:1.6.3-12.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-NodeAgent:tendrl-commons-0:1.6.3-12.el7rhgs.noarch"
},
"product_reference": "tendrl-commons-0:1.6.3-12.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-NodeAgent"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-commons-0:1.6.3-12.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-NodeAgent:tendrl-commons-0:1.6.3-12.el7rhgs.src"
},
"product_reference": "tendrl-commons-0:1.6.3-12.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-NodeAgent"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-gluster-integration-0:1.6.3-10.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-10.el7rhgs.noarch"
},
"product_reference": "tendrl-gluster-integration-0:1.6.3-10.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-NodeAgent"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-gluster-integration-0:1.6.3-10.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-10.el7rhgs.src"
},
"product_reference": "tendrl-gluster-integration-0:1.6.3-10.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-NodeAgent"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch"
},
"product_reference": "tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-NodeAgent"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-node-agent-0:1.6.3-10.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-10.el7rhgs.src"
},
"product_reference": "tendrl-node-agent-0:1.6.3-10.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-NodeAgent"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-flask-1:0.10.1-5.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:python-flask-1:0.10.1-5.el7rhgs.noarch"
},
"product_reference": "python-flask-1:0.10.1-5.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-flask-1:0.10.1-5.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:python-flask-1:0.10.1-5.el7rhgs.src"
},
"product_reference": "python-flask-1:0.10.1-5.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-flask-doc-1:0.10.1-5.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:python-flask-doc-1:0.10.1-5.el7rhgs.noarch"
},
"product_reference": "python-flask-doc-1:0.10.1-5.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-itsdangerous-0:0.23-2.el7.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:python-itsdangerous-0:0.23-2.el7.noarch"
},
"product_reference": "python-itsdangerous-0:0.23-2.el7.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-itsdangerous-0:0.23-2.el7.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:python-itsdangerous-0:0.23-2.el7.src"
},
"product_reference": "python-itsdangerous-0:0.23-2.el7.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-ansible-0:1.6.3-7.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-7.el7rhgs.noarch"
},
"product_reference": "tendrl-ansible-0:1.6.3-7.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-ansible-0:1.6.3-7.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-7.el7rhgs.src"
},
"product_reference": "tendrl-ansible-0:1.6.3-7.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-api-0:1.6.3-5.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-5.el7rhgs.noarch"
},
"product_reference": "tendrl-api-0:1.6.3-5.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-api-0:1.6.3-5.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-5.el7rhgs.src"
},
"product_reference": "tendrl-api-0:1.6.3-5.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-api-httpd-0:1.6.3-5.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-httpd-0:1.6.3-5.el7rhgs.noarch"
},
"product_reference": "tendrl-api-httpd-0:1.6.3-5.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-commons-0:1.6.3-12.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-commons-0:1.6.3-12.el7rhgs.noarch"
},
"product_reference": "tendrl-commons-0:1.6.3-12.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-commons-0:1.6.3-12.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-commons-0:1.6.3-12.el7rhgs.src"
},
"product_reference": "tendrl-commons-0:1.6.3-12.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-grafana-plugins-0:1.6.3-11.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-grafana-plugins-0:1.6.3-11.el7rhgs.noarch"
},
"product_reference": "tendrl-grafana-plugins-0:1.6.3-11.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.noarch"
},
"product_reference": "tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.src"
},
"product_reference": "tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch"
},
"product_reference": "tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-node-agent-0:1.6.3-10.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-10.el7rhgs.src"
},
"product_reference": "tendrl-node-agent-0:1.6.3-10.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-notifier-0:1.6.3-4.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-notifier-0:1.6.3-4.el7rhgs.noarch"
},
"product_reference": "tendrl-notifier-0:1.6.3-4.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-notifier-0:1.6.3-4.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-notifier-0:1.6.3-4.el7rhgs.src"
},
"product_reference": "tendrl-notifier-0:1.6.3-4.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-ui-0:1.6.3-11.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-11.el7rhgs.noarch"
},
"product_reference": "tendrl-ui-0:1.6.3-11.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-ui-0:1.6.3-11.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-11.el7rhgs.src"
},
"product_reference": "tendrl-ui-0:1.6.3-11.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Filip Bal\u00e1k"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2018-1127",
"cwe": {
"id": "CWE-613",
"name": "Insufficient Session Expiration"
},
"discovery_date": "2018-05-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1575835"
}
],
"notes": [
{
"category": "description",
"text": "Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and authenticate as the target user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tendrl-api: Improper cleanup of session token can allow attackers to hijack user sessions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-commons-0:1.6.3-12.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-commons-0:1.6.3-12.el7rhgs.src",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-10.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-10.el7rhgs.src",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-10.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:python-flask-1:0.10.1-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:python-flask-1:0.10.1-5.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:python-flask-doc-1:0.10.1-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:python-itsdangerous-0:0.23-2.el7.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:python-itsdangerous-0:0.23-2.el7.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-7.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-7.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-5.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-httpd-0:1.6.3-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-commons-0:1.6.3-12.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-commons-0:1.6.3-12.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-grafana-plugins-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-10.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-notifier-0:1.6.3-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-notifier-0:1.6.3-4.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-11.el7rhgs.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1127"
},
{
"category": "external",
"summary": "RHBZ#1575835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575835"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1127",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1127"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1127",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1127"
}
],
"release_date": "2018-05-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-09-05T23:49:45+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-commons-0:1.6.3-12.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-commons-0:1.6.3-12.el7rhgs.src",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-10.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-10.el7rhgs.src",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-10.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:python-flask-1:0.10.1-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:python-flask-1:0.10.1-5.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:python-flask-doc-1:0.10.1-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:python-itsdangerous-0:0.23-2.el7.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:python-itsdangerous-0:0.23-2.el7.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-7.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-7.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-5.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-httpd-0:1.6.3-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-commons-0:1.6.3-12.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-commons-0:1.6.3-12.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-grafana-plugins-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-10.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-notifier-0:1.6.3-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-notifier-0:1.6.3-4.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-11.el7rhgs.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2616"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-commons-0:1.6.3-12.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-commons-0:1.6.3-12.el7rhgs.src",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-10.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-10.el7rhgs.src",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-10.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:python-flask-1:0.10.1-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:python-flask-1:0.10.1-5.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:python-flask-doc-1:0.10.1-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:python-itsdangerous-0:0.23-2.el7.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:python-itsdangerous-0:0.23-2.el7.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-7.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-7.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-5.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-httpd-0:1.6.3-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-commons-0:1.6.3-12.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-commons-0:1.6.3-12.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-grafana-plugins-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-10.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-notifier-0:1.6.3-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-notifier-0:1.6.3-4.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-11.el7rhgs.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tendrl-api: Improper cleanup of session token can allow attackers to hijack user sessions"
}
]
}
RHSA-2018:2616
Vulnerability from csaf_redhat
Published
2018-09-05 23:49
Modified
2025-09-26 05:02
Summary
Red Hat Security Advisory: RHGS WA security, bug fix, and enhancement update
Notes
Topic
Updated Red Hat Gluster Storage Wed Administration packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Gluster Storage 3.4 on Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details
Red Hat Gluster Storage Web Administration includes a fully automated setup based on Ansible and provides deep metrics and insights into active Gluster storage pools by using the Grafana platform. Red Hat Gluster Storage Web Administration provides a dashboard view which allows an administrator to get a view of overall gluster health in terms of hosts, volumes, bricks, and other components of GlusterFS.
Security Fix(es):
* tendrl-api: Improper cleanup of session token can allow attackers to hijack user sessions (CVE-2018-1127)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
This issue was discovered by Filip Balák (Red Hat).
Additional Changes:
These updated Red Hat Gluster Storage Wed Administration packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Gluster Storage 3.4 Release Notes for information on the most significant of these changes:
https://access.redhat.com/site/documentation/en-US/red_hat_gluster_storage/
3.4/html/3.4_release_notes/
All users of Red Hat Gluster Storage are advised to upgrade to these
updated packages, which provide numerous bug fixes and enhancements.
Terms of Use
This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Low"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Updated Red Hat Gluster Storage Wed Administration packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Gluster Storage 3.4 on Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "Red Hat Gluster Storage Web Administration includes a fully automated setup based on Ansible and provides deep metrics and insights into active Gluster storage pools by using the Grafana platform. Red Hat Gluster Storage Web Administration provides a dashboard view which allows an administrator to get a view of overall gluster health in terms of hosts, volumes, bricks, and other components of GlusterFS.\n\nSecurity Fix(es):\n\n* tendrl-api: Improper cleanup of session token can allow attackers to hijack user sessions (CVE-2018-1127)\n\nFor more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.\n\nThis issue was discovered by Filip Bal\u00e1k (Red Hat).\n\nAdditional Changes:\n\nThese updated Red Hat Gluster Storage Wed Administration packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Gluster Storage 3.4 Release Notes for information on the most significant of these changes:\n\nhttps://access.redhat.com/site/documentation/en-US/red_hat_gluster_storage/\n3.4/html/3.4_release_notes/\n\nAll users of Red Hat Gluster Storage are advised to upgrade to these\nupdated packages, which provide numerous bug fixes and enhancements.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2018:2616",
"url": "https://access.redhat.com/errata/RHSA-2018:2616"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#low",
"url": "https://access.redhat.com/security/updates/classification/#low"
},
{
"category": "external",
"summary": "https://access.redhat.com/site/documentation/en-US/red_hat_gluster_storage/",
"url": "https://access.redhat.com/site/documentation/en-US/red_hat_gluster_storage/"
},
{
"category": "external",
"summary": "1502012",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1502012"
},
{
"category": "external",
"summary": "1506123",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1506123"
},
{
"category": "external",
"summary": "1511993",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1511993"
},
{
"category": "external",
"summary": "1512091",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1512091"
},
{
"category": "external",
"summary": "1512696",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1512696"
},
{
"category": "external",
"summary": "1512937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1512937"
},
{
"category": "external",
"summary": "1513361",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1513361"
},
{
"category": "external",
"summary": "1513993",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1513993"
},
{
"category": "external",
"summary": "1514171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1514171"
},
{
"category": "external",
"summary": "1514442",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1514442"
},
{
"category": "external",
"summary": "1515213",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515213"
},
{
"category": "external",
"summary": "1515252",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515252"
},
{
"category": "external",
"summary": "1515660",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1515660"
},
{
"category": "external",
"summary": "1516135",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1516135"
},
{
"category": "external",
"summary": "1516417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1516417"
},
{
"category": "external",
"summary": "1517077",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517077"
},
{
"category": "external",
"summary": "1517132",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517132"
},
{
"category": "external",
"summary": "1517215",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517215"
},
{
"category": "external",
"summary": "1517246",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517246"
},
{
"category": "external",
"summary": "1517270",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517270"
},
{
"category": "external",
"summary": "1517422",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1517422"
},
{
"category": "external",
"summary": "1518276",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1518276"
},
{
"category": "external",
"summary": "1518516",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1518516"
},
{
"category": "external",
"summary": "1518525",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1518525"
},
{
"category": "external",
"summary": "1518610",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1518610"
},
{
"category": "external",
"summary": "1518678",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1518678"
},
{
"category": "external",
"summary": "1518736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1518736"
},
{
"category": "external",
"summary": "1519158",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519158"
},
{
"category": "external",
"summary": "1519178",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519178"
},
{
"category": "external",
"summary": "1519188",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519188"
},
{
"category": "external",
"summary": "1519201",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519201"
},
{
"category": "external",
"summary": "1519218",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519218"
},
{
"category": "external",
"summary": "1519724",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519724"
},
{
"category": "external",
"summary": "1519750",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1519750"
},
{
"category": "external",
"summary": "1520886",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1520886"
},
{
"category": "external",
"summary": "1525376",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1525376"
},
{
"category": "external",
"summary": "1526338",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1526338"
},
{
"category": "external",
"summary": "1526375",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1526375"
},
{
"category": "external",
"summary": "1531133",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531133"
},
{
"category": "external",
"summary": "1531139",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1531139"
},
{
"category": "external",
"summary": "1536354",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1536354"
},
{
"category": "external",
"summary": "1538248",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1538248"
},
{
"category": "external",
"summary": "1542914",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1542914"
},
{
"category": "external",
"summary": "1546957",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1546957"
},
{
"category": "external",
"summary": "1549146",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1549146"
},
{
"category": "external",
"summary": "1555455",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1555455"
},
{
"category": "external",
"summary": "1558431",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558431"
},
{
"category": "external",
"summary": "1559362",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559362"
},
{
"category": "external",
"summary": "1559364",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559364"
},
{
"category": "external",
"summary": "1559365",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559365"
},
{
"category": "external",
"summary": "1559368",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559368"
},
{
"category": "external",
"summary": "1559373",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559373"
},
{
"category": "external",
"summary": "1559379",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559379"
},
{
"category": "external",
"summary": "1559387",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559387"
},
{
"category": "external",
"summary": "1559390",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559390"
},
{
"category": "external",
"summary": "1559396",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559396"
},
{
"category": "external",
"summary": "1559399",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559399"
},
{
"category": "external",
"summary": "1559401",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559401"
},
{
"category": "external",
"summary": "1559402",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559402"
},
{
"category": "external",
"summary": "1559405",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559405"
},
{
"category": "external",
"summary": "1559415",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559415"
},
{
"category": "external",
"summary": "1559416",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559416"
},
{
"category": "external",
"summary": "1559417",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559417"
},
{
"category": "external",
"summary": "1559421",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559421"
},
{
"category": "external",
"summary": "1559426",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559426"
},
{
"category": "external",
"summary": "1559432",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559432"
},
{
"category": "external",
"summary": "1559433",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559433"
},
{
"category": "external",
"summary": "1559436",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559436"
},
{
"category": "external",
"summary": "1559486",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559486"
},
{
"category": "external",
"summary": "1559507",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559507"
},
{
"category": "external",
"summary": "1559690",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559690"
},
{
"category": "external",
"summary": "1559792",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559792"
},
{
"category": "external",
"summary": "1559901",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1559901"
},
{
"category": "external",
"summary": "1560492",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560492"
},
{
"category": "external",
"summary": "1560879",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1560879"
},
{
"category": "external",
"summary": "1561374",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561374"
},
{
"category": "external",
"summary": "1561428",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561428"
},
{
"category": "external",
"summary": "1561468",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1561468"
},
{
"category": "external",
"summary": "1563519",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563519"
},
{
"category": "external",
"summary": "1563648",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1563648"
},
{
"category": "external",
"summary": "1564107",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564107"
},
{
"category": "external",
"summary": "1564175",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564175"
},
{
"category": "external",
"summary": "1564423",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564423"
},
{
"category": "external",
"summary": "1564510",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1564510"
},
{
"category": "external",
"summary": "1565479",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565479"
},
{
"category": "external",
"summary": "1565898",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1565898"
},
{
"category": "external",
"summary": "1570048",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570048"
},
{
"category": "external",
"summary": "1570564",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570564"
},
{
"category": "external",
"summary": "1570616",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1570616"
},
{
"category": "external",
"summary": "1571235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571235"
},
{
"category": "external",
"summary": "1571244",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571244"
},
{
"category": "external",
"summary": "1571245",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571245"
},
{
"category": "external",
"summary": "1571280",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571280"
},
{
"category": "external",
"summary": "1571318",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571318"
},
{
"category": "external",
"summary": "1571325",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571325"
},
{
"category": "external",
"summary": "1571755",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571755"
},
{
"category": "external",
"summary": "1571809",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1571809"
},
{
"category": "external",
"summary": "1572052",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572052"
},
{
"category": "external",
"summary": "1572090",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572090"
},
{
"category": "external",
"summary": "1572118",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572118"
},
{
"category": "external",
"summary": "1572151",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572151"
},
{
"category": "external",
"summary": "1572216",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1572216"
},
{
"category": "external",
"summary": "1573079",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573079"
},
{
"category": "external",
"summary": "1573110",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573110"
},
{
"category": "external",
"summary": "1573481",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573481"
},
{
"category": "external",
"summary": "1573928",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573928"
},
{
"category": "external",
"summary": "1573950",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1573950"
},
{
"category": "external",
"summary": "1574938",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1574938"
},
{
"category": "external",
"summary": "1574942",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1574942"
},
{
"category": "external",
"summary": "1575040",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575040"
},
{
"category": "external",
"summary": "1575835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575835"
},
{
"category": "external",
"summary": "1575891",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575891"
},
{
"category": "external",
"summary": "1576794",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576794"
},
{
"category": "external",
"summary": "1576829",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576829"
},
{
"category": "external",
"summary": "1576848",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576848"
},
{
"category": "external",
"summary": "1578009",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578009"
},
{
"category": "external",
"summary": "1578329",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578329"
},
{
"category": "external",
"summary": "1578333",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578333"
},
{
"category": "external",
"summary": "1578885",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1578885"
},
{
"category": "external",
"summary": "1579148",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579148"
},
{
"category": "external",
"summary": "1579150",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579150"
},
{
"category": "external",
"summary": "1579152",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579152"
},
{
"category": "external",
"summary": "1579516",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579516"
},
{
"category": "external",
"summary": "1579937",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1579937"
},
{
"category": "external",
"summary": "1580385",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1580385"
},
{
"category": "external",
"summary": "1580509",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1580509"
},
{
"category": "external",
"summary": "1581212",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1581212"
},
{
"category": "external",
"summary": "1581718",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1581718"
},
{
"category": "external",
"summary": "1581736",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1581736"
},
{
"category": "external",
"summary": "1581789",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1581789"
},
{
"category": "external",
"summary": "1582465",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1582465"
},
{
"category": "external",
"summary": "1583171",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1583171"
},
{
"category": "external",
"summary": "1584095",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1584095"
},
{
"category": "external",
"summary": "1584660",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1584660"
},
{
"category": "external",
"summary": "1585116",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1585116"
},
{
"category": "external",
"summary": "1585715",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1585715"
},
{
"category": "external",
"summary": "1586074",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1586074"
},
{
"category": "external",
"summary": "1588357",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588357"
},
{
"category": "external",
"summary": "1588440",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588440"
},
{
"category": "external",
"summary": "1588650",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1588650"
},
{
"category": "external",
"summary": "1590405",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1590405"
},
{
"category": "external",
"summary": "1592464",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1592464"
},
{
"category": "external",
"summary": "1592487",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1592487"
},
{
"category": "external",
"summary": "1592991",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1592991"
},
{
"category": "external",
"summary": "1592992",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1592992"
},
{
"category": "external",
"summary": "1593640",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593640"
},
{
"category": "external",
"summary": "1593852",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593852"
},
{
"category": "external",
"summary": "1593912",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1593912"
},
{
"category": "external",
"summary": "1594762",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594762"
},
{
"category": "external",
"summary": "1594862",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594862"
},
{
"category": "external",
"summary": "1594899",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594899"
},
{
"category": "external",
"summary": "1594994",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1594994"
},
{
"category": "external",
"summary": "1595005",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595005"
},
{
"category": "external",
"summary": "1595013",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595013"
},
{
"category": "external",
"summary": "1595015",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595015"
},
{
"category": "external",
"summary": "1595016",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595016"
},
{
"category": "external",
"summary": "1595052",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595052"
},
{
"category": "external",
"summary": "1595295",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1595295"
},
{
"category": "external",
"summary": "1596655",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596655"
},
{
"category": "external",
"summary": "1596820",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596820"
},
{
"category": "external",
"summary": "1596862",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1596862"
},
{
"category": "external",
"summary": "1597235",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1597235"
},
{
"category": "external",
"summary": "1599634",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599634"
},
{
"category": "external",
"summary": "1599985",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599985"
},
{
"category": "external",
"summary": "1599987",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1599987"
},
{
"category": "external",
"summary": "1600092",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1600092"
},
{
"category": "external",
"summary": "1600113",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1600113"
},
{
"category": "external",
"summary": "1603175",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1603175"
},
{
"category": "external",
"summary": "1610266",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1610266"
},
{
"category": "external",
"summary": "1611601",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1611601"
},
{
"category": "external",
"summary": "1616208",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616208"
},
{
"category": "external",
"summary": "1616215",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616215"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2018/rhsa-2018_2616.json"
}
],
"title": "Red Hat Security Advisory: RHGS WA security, bug fix, and enhancement update",
"tracking": {
"current_release_date": "2025-09-26T05:02:37+00:00",
"generator": {
"date": "2025-09-26T05:02:37+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.8"
}
},
"id": "RHSA-2018:2616",
"initial_release_date": "2018-09-05T23:49:45+00:00",
"revision_history": [
{
"date": "2018-09-05T23:49:45+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2018-09-05T23:49:45+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2025-09-26T05:02:37+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product": {
"name": "Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:storage:3.4:wa:el7"
}
}
},
{
"category": "product_name",
"name": "Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product": {
"name": "Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-NodeAgent",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:storage:3.4:na:el7"
}
}
}
],
"category": "product_family",
"name": "Red Hat Gluster Storage"
},
{
"branches": [
{
"category": "product_version",
"name": "python-flask-doc-1:0.10.1-5.el7rhgs.noarch",
"product": {
"name": "python-flask-doc-1:0.10.1-5.el7rhgs.noarch",
"product_id": "python-flask-doc-1:0.10.1-5.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-flask-doc@0.10.1-5.el7rhgs?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "python-flask-1:0.10.1-5.el7rhgs.noarch",
"product": {
"name": "python-flask-1:0.10.1-5.el7rhgs.noarch",
"product_id": "python-flask-1:0.10.1-5.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-flask@0.10.1-5.el7rhgs?arch=noarch\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "python-itsdangerous-0:0.23-2.el7.noarch",
"product": {
"name": "python-itsdangerous-0:0.23-2.el7.noarch",
"product_id": "python-itsdangerous-0:0.23-2.el7.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-itsdangerous@0.23-2.el7?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-notifier-0:1.6.3-4.el7rhgs.noarch",
"product": {
"name": "tendrl-notifier-0:1.6.3-4.el7rhgs.noarch",
"product_id": "tendrl-notifier-0:1.6.3-4.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-notifier@1.6.3-4.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-api-httpd-0:1.6.3-5.el7rhgs.noarch",
"product": {
"name": "tendrl-api-httpd-0:1.6.3-5.el7rhgs.noarch",
"product_id": "tendrl-api-httpd-0:1.6.3-5.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-api-httpd@1.6.3-5.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-api-0:1.6.3-5.el7rhgs.noarch",
"product": {
"name": "tendrl-api-0:1.6.3-5.el7rhgs.noarch",
"product_id": "tendrl-api-0:1.6.3-5.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-api@1.6.3-5.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch",
"product": {
"name": "tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch",
"product_id": "tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-node-agent@1.6.3-10.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-commons-0:1.6.3-12.el7rhgs.noarch",
"product": {
"name": "tendrl-commons-0:1.6.3-12.el7rhgs.noarch",
"product_id": "tendrl-commons-0:1.6.3-12.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-commons@1.6.3-12.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-ansible-0:1.6.3-7.el7rhgs.noarch",
"product": {
"name": "tendrl-ansible-0:1.6.3-7.el7rhgs.noarch",
"product_id": "tendrl-ansible-0:1.6.3-7.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-ansible@1.6.3-7.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-ui-0:1.6.3-11.el7rhgs.noarch",
"product": {
"name": "tendrl-ui-0:1.6.3-11.el7rhgs.noarch",
"product_id": "tendrl-ui-0:1.6.3-11.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-ui@1.6.3-11.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-gluster-integration-0:1.6.3-10.el7rhgs.noarch",
"product": {
"name": "tendrl-gluster-integration-0:1.6.3-10.el7rhgs.noarch",
"product_id": "tendrl-gluster-integration-0:1.6.3-10.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-gluster-integration@1.6.3-10.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-grafana-plugins-0:1.6.3-11.el7rhgs.noarch",
"product": {
"name": "tendrl-grafana-plugins-0:1.6.3-11.el7rhgs.noarch",
"product_id": "tendrl-grafana-plugins-0:1.6.3-11.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-grafana-plugins@1.6.3-11.el7rhgs?arch=noarch"
}
}
},
{
"category": "product_version",
"name": "tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.noarch",
"product": {
"name": "tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.noarch",
"product_id": "tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.noarch",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-monitoring-integration@1.6.3-11.el7rhgs?arch=noarch"
}
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "python-flask-1:0.10.1-5.el7rhgs.src",
"product": {
"name": "python-flask-1:0.10.1-5.el7rhgs.src",
"product_id": "python-flask-1:0.10.1-5.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-flask@0.10.1-5.el7rhgs?arch=src\u0026epoch=1"
}
}
},
{
"category": "product_version",
"name": "python-itsdangerous-0:0.23-2.el7.src",
"product": {
"name": "python-itsdangerous-0:0.23-2.el7.src",
"product_id": "python-itsdangerous-0:0.23-2.el7.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/python-itsdangerous@0.23-2.el7?arch=src"
}
}
},
{
"category": "product_version",
"name": "tendrl-notifier-0:1.6.3-4.el7rhgs.src",
"product": {
"name": "tendrl-notifier-0:1.6.3-4.el7rhgs.src",
"product_id": "tendrl-notifier-0:1.6.3-4.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-notifier@1.6.3-4.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "tendrl-api-0:1.6.3-5.el7rhgs.src",
"product": {
"name": "tendrl-api-0:1.6.3-5.el7rhgs.src",
"product_id": "tendrl-api-0:1.6.3-5.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-api@1.6.3-5.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "tendrl-node-agent-0:1.6.3-10.el7rhgs.src",
"product": {
"name": "tendrl-node-agent-0:1.6.3-10.el7rhgs.src",
"product_id": "tendrl-node-agent-0:1.6.3-10.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-node-agent@1.6.3-10.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "tendrl-commons-0:1.6.3-12.el7rhgs.src",
"product": {
"name": "tendrl-commons-0:1.6.3-12.el7rhgs.src",
"product_id": "tendrl-commons-0:1.6.3-12.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-commons@1.6.3-12.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "tendrl-ansible-0:1.6.3-7.el7rhgs.src",
"product": {
"name": "tendrl-ansible-0:1.6.3-7.el7rhgs.src",
"product_id": "tendrl-ansible-0:1.6.3-7.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-ansible@1.6.3-7.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "tendrl-ui-0:1.6.3-11.el7rhgs.src",
"product": {
"name": "tendrl-ui-0:1.6.3-11.el7rhgs.src",
"product_id": "tendrl-ui-0:1.6.3-11.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-ui@1.6.3-11.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "tendrl-gluster-integration-0:1.6.3-10.el7rhgs.src",
"product": {
"name": "tendrl-gluster-integration-0:1.6.3-10.el7rhgs.src",
"product_id": "tendrl-gluster-integration-0:1.6.3-10.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-gluster-integration@1.6.3-10.el7rhgs?arch=src"
}
}
},
{
"category": "product_version",
"name": "tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.src",
"product": {
"name": "tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.src",
"product_id": "tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/tendrl-monitoring-integration@1.6.3-11.el7rhgs?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-commons-0:1.6.3-12.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-NodeAgent:tendrl-commons-0:1.6.3-12.el7rhgs.noarch"
},
"product_reference": "tendrl-commons-0:1.6.3-12.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-NodeAgent"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-commons-0:1.6.3-12.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-NodeAgent:tendrl-commons-0:1.6.3-12.el7rhgs.src"
},
"product_reference": "tendrl-commons-0:1.6.3-12.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-NodeAgent"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-gluster-integration-0:1.6.3-10.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-10.el7rhgs.noarch"
},
"product_reference": "tendrl-gluster-integration-0:1.6.3-10.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-NodeAgent"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-gluster-integration-0:1.6.3-10.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-10.el7rhgs.src"
},
"product_reference": "tendrl-gluster-integration-0:1.6.3-10.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-NodeAgent"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch"
},
"product_reference": "tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-NodeAgent"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-node-agent-0:1.6.3-10.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration Node Agent on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-10.el7rhgs.src"
},
"product_reference": "tendrl-node-agent-0:1.6.3-10.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-NodeAgent"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-flask-1:0.10.1-5.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:python-flask-1:0.10.1-5.el7rhgs.noarch"
},
"product_reference": "python-flask-1:0.10.1-5.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-flask-1:0.10.1-5.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:python-flask-1:0.10.1-5.el7rhgs.src"
},
"product_reference": "python-flask-1:0.10.1-5.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-flask-doc-1:0.10.1-5.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:python-flask-doc-1:0.10.1-5.el7rhgs.noarch"
},
"product_reference": "python-flask-doc-1:0.10.1-5.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-itsdangerous-0:0.23-2.el7.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:python-itsdangerous-0:0.23-2.el7.noarch"
},
"product_reference": "python-itsdangerous-0:0.23-2.el7.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-itsdangerous-0:0.23-2.el7.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:python-itsdangerous-0:0.23-2.el7.src"
},
"product_reference": "python-itsdangerous-0:0.23-2.el7.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-ansible-0:1.6.3-7.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-7.el7rhgs.noarch"
},
"product_reference": "tendrl-ansible-0:1.6.3-7.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-ansible-0:1.6.3-7.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-7.el7rhgs.src"
},
"product_reference": "tendrl-ansible-0:1.6.3-7.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-api-0:1.6.3-5.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-5.el7rhgs.noarch"
},
"product_reference": "tendrl-api-0:1.6.3-5.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-api-0:1.6.3-5.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-5.el7rhgs.src"
},
"product_reference": "tendrl-api-0:1.6.3-5.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-api-httpd-0:1.6.3-5.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-httpd-0:1.6.3-5.el7rhgs.noarch"
},
"product_reference": "tendrl-api-httpd-0:1.6.3-5.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-commons-0:1.6.3-12.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-commons-0:1.6.3-12.el7rhgs.noarch"
},
"product_reference": "tendrl-commons-0:1.6.3-12.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-commons-0:1.6.3-12.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-commons-0:1.6.3-12.el7rhgs.src"
},
"product_reference": "tendrl-commons-0:1.6.3-12.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-grafana-plugins-0:1.6.3-11.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-grafana-plugins-0:1.6.3-11.el7rhgs.noarch"
},
"product_reference": "tendrl-grafana-plugins-0:1.6.3-11.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.noarch"
},
"product_reference": "tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.src"
},
"product_reference": "tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch"
},
"product_reference": "tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-node-agent-0:1.6.3-10.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-10.el7rhgs.src"
},
"product_reference": "tendrl-node-agent-0:1.6.3-10.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-notifier-0:1.6.3-4.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-notifier-0:1.6.3-4.el7rhgs.noarch"
},
"product_reference": "tendrl-notifier-0:1.6.3-4.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-notifier-0:1.6.3-4.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-notifier-0:1.6.3-4.el7rhgs.src"
},
"product_reference": "tendrl-notifier-0:1.6.3-4.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-ui-0:1.6.3-11.el7rhgs.noarch as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-11.el7rhgs.noarch"
},
"product_reference": "tendrl-ui-0:1.6.3-11.el7rhgs.noarch",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "tendrl-ui-0:1.6.3-11.el7rhgs.src as a component of Red Hat Gluster 3.4 Web Administration on RHEL-7",
"product_id": "7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-11.el7rhgs.src"
},
"product_reference": "tendrl-ui-0:1.6.3-11.el7rhgs.src",
"relates_to_product_reference": "7Server-RH-Gluster-3.4-WebAdministration"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Filip Bal\u00e1k"
],
"organization": "Red Hat",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2018-1127",
"cwe": {
"id": "CWE-613",
"name": "Insufficient Session Expiration"
},
"discovery_date": "2018-05-08T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "1575835"
}
],
"notes": [
{
"category": "description",
"text": "Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and authenticate as the target user.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "tendrl-api: Improper cleanup of session token can allow attackers to hijack user sessions",
"title": "Vulnerability summary"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-commons-0:1.6.3-12.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-commons-0:1.6.3-12.el7rhgs.src",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-10.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-10.el7rhgs.src",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-10.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:python-flask-1:0.10.1-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:python-flask-1:0.10.1-5.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:python-flask-doc-1:0.10.1-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:python-itsdangerous-0:0.23-2.el7.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:python-itsdangerous-0:0.23-2.el7.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-7.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-7.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-5.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-httpd-0:1.6.3-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-commons-0:1.6.3-12.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-commons-0:1.6.3-12.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-grafana-plugins-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-10.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-notifier-0:1.6.3-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-notifier-0:1.6.3-4.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-11.el7rhgs.src"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2018-1127"
},
{
"category": "external",
"summary": "RHBZ#1575835",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1575835"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2018-1127",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-1127"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2018-1127",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1127"
}
],
"release_date": "2018-05-08T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2018-09-05T23:49:45+00:00",
"details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-commons-0:1.6.3-12.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-commons-0:1.6.3-12.el7rhgs.src",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-10.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-10.el7rhgs.src",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-10.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:python-flask-1:0.10.1-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:python-flask-1:0.10.1-5.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:python-flask-doc-1:0.10.1-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:python-itsdangerous-0:0.23-2.el7.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:python-itsdangerous-0:0.23-2.el7.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-7.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-7.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-5.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-httpd-0:1.6.3-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-commons-0:1.6.3-12.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-commons-0:1.6.3-12.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-grafana-plugins-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-10.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-notifier-0:1.6.3-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-notifier-0:1.6.3-4.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-11.el7rhgs.src"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2018:2616"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"products": [
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-commons-0:1.6.3-12.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-commons-0:1.6.3-12.el7rhgs.src",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-10.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-gluster-integration-0:1.6.3-10.el7rhgs.src",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-NodeAgent:tendrl-node-agent-0:1.6.3-10.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:python-flask-1:0.10.1-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:python-flask-1:0.10.1-5.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:python-flask-doc-1:0.10.1-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:python-itsdangerous-0:0.23-2.el7.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:python-itsdangerous-0:0.23-2.el7.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-7.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ansible-0:1.6.3-7.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-0:1.6.3-5.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-api-httpd-0:1.6.3-5.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-commons-0:1.6.3-12.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-commons-0:1.6.3-12.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-grafana-plugins-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-monitoring-integration-0:1.6.3-11.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-10.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-node-agent-0:1.6.3-10.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-notifier-0:1.6.3-4.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-notifier-0:1.6.3-4.el7rhgs.src",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-11.el7rhgs.noarch",
"7Server-RH-Gluster-3.4-WebAdministration:tendrl-ui-0:1.6.3-11.el7rhgs.src"
]
}
],
"threats": [
{
"category": "impact",
"details": "Low"
}
],
"title": "tendrl-api: Improper cleanup of session token can allow attackers to hijack user sessions"
}
]
}
ghsa-jwq3-h8rx-wcwj
Vulnerability from github
Published
2022-05-13 01:33
Modified
2022-05-13 01:33
Severity ?
VLAI Severity ?
Details
Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and authenticate as the target user.
{
"affected": [],
"aliases": [
"CVE-2018-1127"
],
"database_specific": {
"cwe_ids": [
"CWE-384"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2018-09-11T15:29:00Z",
"severity": "HIGH"
},
"details": "Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and authenticate as the target user.",
"id": "GHSA-jwq3-h8rx-wcwj",
"modified": "2022-05-13T01:33:30Z",
"published": "2022-05-13T01:33:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1127"
},
{
"type": "WEB",
"url": "https://github.com/Tendrl/api/pull/422"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2018:2616"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1127"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1041597"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
gsd-2018-1127
Vulnerability from gsd
Modified
2023-12-13 01:22
Details
Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and authenticate as the target user.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2018-1127",
"description": "Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and authenticate as the target user.",
"id": "GSD-2018-1127",
"references": [
"https://access.redhat.com/errata/RHSA-2018:2616"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2018-1127"
],
"details": "Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and authenticate as the target user.",
"id": "GSD-2018-1127",
"modified": "2023-12-13T01:22:36.865957Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-1127",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Red Hat Gluster Storage",
"version": {
"version_data": [
{
"version_value": "3.4.0"
}
]
}
}
]
},
"vendor_name": "Red Hat"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and authenticate as the target user."
}
]
},
"impact": {
"cvss": [
[
{
"vectorString": "4.2/CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
}
]
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-613"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "RHSA-2018:2616",
"refsource": "REDHAT",
"url": "https://access.redhat.com/errata/RHSA-2018:2616"
},
{
"name": "1041597",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id/1041597"
},
{
"name": "https://github.com/Tendrl/api/pull/422",
"refsource": "CONFIRM",
"url": "https://github.com/Tendrl/api/pull/422"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1127",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1127"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:redhat:gluster_storage:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "3.4",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2018-1127"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and authenticate as the target user."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/Tendrl/api/pull/422",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Tendrl/api/pull/422"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1127",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1127"
},
{
"name": "RHSA-2018:2616",
"refsource": "REDHAT",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2616"
},
{
"name": "1041597",
"refsource": "SECTRACK",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041597"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
},
"lastModifiedDate": "2019-10-09T23:38Z",
"publishedDate": "2018-09-11T15:29Z"
}
}
}
fkie_cve-2018-1127
Vulnerability from fkie_nvd
Published
2018-09-11 15:29
Modified
2024-11-21 03:59
Severity ?
4.2 (Medium) - CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N
8.1 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
8.1 (High) - CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and authenticate as the target user.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| secalert@redhat.com | http://www.securitytracker.com/id/1041597 | Third Party Advisory, VDB Entry | |
| secalert@redhat.com | https://access.redhat.com/errata/RHSA-2018:2616 | Vendor Advisory | |
| secalert@redhat.com | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1127 | Issue Tracking, Patch, Vendor Advisory | |
| secalert@redhat.com | https://github.com/Tendrl/api/pull/422 | Patch, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securitytracker.com/id/1041597 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://access.redhat.com/errata/RHSA-2018:2616 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1127 | Issue Tracking, Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/Tendrl/api/pull/422 | Patch, Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| redhat | gluster_storage | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:redhat:gluster_storage:*:*:*:*:*:*:*:*",
"matchCriteriaId": "E591E3BF-E10E-4502-9E50-58316A6588C3",
"versionEndExcluding": "3.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and authenticate as the target user."
},
{
"lang": "es",
"value": "Tendrl API en Red Hat Gluster Storage en versiones anteriores a la 3.4.0 no elimina inmediatamente los tokens de sesi\u00f3n una vez el usuario ha cerrado sesi\u00f3n. Los tokens de sesi\u00f3n siguen activos durante unos pocos minutos, lo que permite que los atacantes reproduzcan los tokens adquiridos mediante ataques de rastreo o Man-in-the-Middle (MitM) y autentic\u00e1ndose como el usuario objetivo."
}
],
"id": "CVE-2018-1127",
"lastModified": "2024-11-21T03:59:14.433",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.2,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 1.6,
"impactScore": 2.5,
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-09-11T15:29:00.593",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041597"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2616"
},
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1127"
},
{
"source": "secalert@redhat.com",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Tendrl/api/pull/422"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securitytracker.com/id/1041597"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://access.redhat.com/errata/RHSA-2018:2616"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Vendor Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1127"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/Tendrl/api/pull/422"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-613"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-384"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cnvd-2018-11998
Vulnerability from cnvd
Title: Tendrl API会话劫持漏洞
Description:
Tendrl API是一套能够为Ceph和Cluster存储提供安装、存储配置、生命周期管理、监控和警报功能的API。
Tendrl API中存在会话劫持漏洞。攻击者可利用该漏洞获取受影响软件的访问权限。
Severity: 中
Patch Name: Tendrl API会话劫持漏洞的补丁
Patch Description:
Tendrl API是一套能够为Ceph和Cluster存储提供安装、存储配置、生命周期管理、监控和警报功能的API。
Tendrl API中存在会话劫持漏洞。攻击者可利用该漏洞获取受影响软件的访问权限。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description:
目前厂商已发布升级补丁以修复漏洞,补丁获取链接: https://github.com/Tendrl/api/pull/422
Reference: http://www.securityfocus.com/bid/104126
Impacted products
| Name | ['Tendrl API 1.2.3', 'Tendrl API 1.2.2', 'Tendrl API 1.2.1', 'Tendrl API 1.2', 'Tendrl API 1.1', 'Tendrl API 1.0'] |
|---|
{
"bids": {
"bid": {
"bidNumber": "104126"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2018-1127"
}
},
"description": "Tendrl API\u662f\u4e00\u5957\u80fd\u591f\u4e3aCeph\u548cCluster\u5b58\u50a8\u63d0\u4f9b\u5b89\u88c5\u3001\u5b58\u50a8\u914d\u7f6e\u3001\u751f\u547d\u5468\u671f\u7ba1\u7406\u3001\u76d1\u63a7\u548c\u8b66\u62a5\u529f\u80fd\u7684API\u3002\r\n\r\nTendrl API\u4e2d\u5b58\u5728\u4f1a\u8bdd\u52ab\u6301\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u53d7\u5f71\u54cd\u8f6f\u4ef6\u7684\u8bbf\u95ee\u6743\u9650\u3002",
"discovererName": "Filip Bal\u00c3\u00a1k of Red Hat.",
"formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5:\r\nhttps://github.com/Tendrl/api/pull/422",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2018-11998",
"openTime": "2018-06-25",
"patchDescription": "Tendrl API\u662f\u4e00\u5957\u80fd\u591f\u4e3aCeph\u548cCluster\u5b58\u50a8\u63d0\u4f9b\u5b89\u88c5\u3001\u5b58\u50a8\u914d\u7f6e\u3001\u751f\u547d\u5468\u671f\u7ba1\u7406\u3001\u76d1\u63a7\u548c\u8b66\u62a5\u529f\u80fd\u7684API\u3002\r\n\r\nTendrl API\u4e2d\u5b58\u5728\u4f1a\u8bdd\u52ab\u6301\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u83b7\u53d6\u53d7\u5f71\u54cd\u8f6f\u4ef6\u7684\u8bbf\u95ee\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Tendrl API\u4f1a\u8bdd\u52ab\u6301\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": [
"Tendrl API 1.2.3",
"Tendrl API 1.2.2",
"Tendrl API 1.2.1",
"Tendrl API 1.2",
"Tendrl API 1.1",
"Tendrl API 1.0"
]
},
"referenceLink": "http://www.securityfocus.com/bid/104126",
"serverity": "\u4e2d",
"submitTime": "2018-06-06",
"title": "Tendrl API\u4f1a\u8bdd\u52ab\u6301\u6f0f\u6d1e"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…