{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"state": "REJECTED", "cveId": "CVE-2013-4186", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2023-02-12T00:00:00.000Z", "dateRejected": "2023-02-12T00:00:00.000Z", "dateReserved": "2013-06-12T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2023-02-12T00:00:00.000Z"}, "rejectedReasons": [{"lang": "en", "value": "DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none."}], "id": "CVE-2013-4186", "lastModified": "2023-11-07T02:16:09.143", "metrics": {}, "published": "2015-02-09T15:59:00.147", "references": [], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Rejected"}

{"bugzilla": {"description": "Gluster: access trusted peer group via remote-host command", "id": "990833", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=990833"}, "csaw": false, "cvss": {"cvss_base_score": "6.8", "cvss_scoring_vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "status": "draft"}, "cvss3": {"cvss3_base_score": "0.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:N", "status": "draft"}, "details": ["[REJECTED CVE] Any host, whether a peer member or not, can use the remote-host command to gain access to the trusted peer group. The remote host can peer probe itself, modify the volume, set up geo-rep to a 3rd party, etc. Network security is not enough. Take, for instance, a storage-as-a-service model where you allow untrusted users to mount volumes. Since they need access to 24007 to retrieve their volume configuration, they can also issue remote-host commands."], "name": "CVE-2013-4186", "package_state": [{"cpe": "cpe:/a:redhat:storage:2.0", "fix_state": "Will not fix", "package_name": "glusterfs", "product_name": "Red Hat Storage 2.0"}, {"cpe": "cpe:/a:redhat:storage:2.1", "fix_state": "Affected", "package_name": "glusterfs", "product_name": "Red Hat Storage 2.1"}], "public_date": "2015-02-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-4186\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-4186"], "statement": "This CVE has been rejected, because this is by design, the network and hosts used by Gluster must be trusted.\nRed Hat has evaluated this issue and determined that it does not meet the criteria to be classified as a security vulnerability. This assessment is based on the issue not posing a significant security risk, being a result of misconfiguration or usage error, or falling outside the scope of security considerations. \nAs such, this CVE has been marked as \"Rejected\" in alignment with Red Hat's vulnerability management policies.\nIf you have additional information or concerns regarding this determination, please contact Red Hat Product Security for further clarification."}

{}