QwikSec

Security Database

CVE

CWE

Training

CVE-2018-10841

Published: Jun 20, 2018

Modified: Aug 5, 2024

PUBLISHED

CVSS v3.0

6.6

MEDIUM

Description

glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes.

Vendor	Product	Versions
Red Hat	glusterfs	affected `all`

Weaknesses (CWE)

CVSS v3.0 Details

CVSS v3.0 Vector

CVSS:3.0/AV:A/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10841

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

https://review.gluster.org/#/c/20328/

x_refsource_CONFIRM

vendor-advisory

x_refsource_REDHAT

vendor-advisory

x_refsource_GENTOO

[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.