The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2616 advisory.

    Red Hat Gluster Storage Web Administration includes a fully automated setup based on Ansible and provides     deep metrics and insights into active Gluster storage pools by using the Grafana platform. Red Hat Gluster     Storage Web Administration provides a dashboard view which allows an administrator to get a view of     overall gluster health in terms of hosts, volumes, bricks, and other components of GlusterFS.

    Security Fix(es):

    * tendrl-api: Improper cleanup of session token can allow attackers to hijack user sessions     (CVE-2018-1127)

    For more details about the security issue(s), including the impact, a CVSS score, and other related     information, refer to the CVE page(s) listed in the References section.

    This issue was discovered by Filip Balk (Red Hat).

    Additional Changes:

    These updated Red Hat Gluster Storage Wed Administration packages include numerous bug fixes and     enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the     Red Hat Gluster Storage 3.4 Release Notes for information on the most significant of these changes:

    https://access.redhat.com/site/documentation/en-US/red_hat_gluster_storage/     3.4/html/3.4_release_notes/

    All users of Red Hat Gluster Storage are advised to upgrade to these     updated packages, which provide numerous bug fixes and enhancements.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 7 : RHGS WA (RHSA-2018:2616)

high Nessus Plugin ID 117322

Version 1.13

Version 1.12

Version 1.11

Version 1.10

Version 1.9

Version 1.13 Mar 21, 2025, 4:46 AM CVSS metrics ("CVSSv3 score" set to 8.1) CVSS metrics ("CVSSv3 vector" set to "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H") CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202503210446
Version 1.12 Feb 18, 2025, 11:54 PM Plugin metadata (CVSS 3 Change AC:H --> AC:L where needed) Plugin Feed: 202502182354
Version 1.11 Aug 9, 2024, 7:22 AM Exploit attributes ("Exploitability ease" set to "No known exploits are available") Exploit attributes ("Exploit available" set to "False") Plugin Feed: 202408090722
Version 1.10 Jun 3, 2024, 4:41 PM Plugin metadata Detection (updated detection logic) Plugin Feed: 202406031641
Version 1.9 Apr 28, 2024, 2:25 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:U/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:U/RL:O/RC:C") CVSSv2 score source (set to "CVE-2018-1127") Detection (updated detection logic) Plugin metadata Reference Plugin Feed: 202404281425