CVE-2018-1088
Published: Apr 18, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
A privilege escalation flaw was found in the gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount the shared gluster storage volume and escalate privileges by scheduling a malicious cronjob via a symlink.
| Vendor | Product | Versions |
|---|---|---|
| Red Hat, Inc. | glusterfs | affected 3.x |
Weaknesses (CWE)
References
| Reference | Type | Source tag |
|---|---|---|
| RHSA-2018:1137 | vendor-advisory | x_refsource_REDHAT |
| RHSA-2018:1275 | vendor-advisory | x_refsource_REDHAT |
| RHSA-2018:1524 | vendor-advisory | x_refsource_REDHAT |
| https://bugzilla.redhat.com/show_bug.cgi?id=1558721 | | x_refsource_CONFIRM |
| RHSA-2018:1136 | vendor-advisory | x_refsource_REDHAT |
| GLSA-201904-06 | vendor-advisory | x_refsource_GENTOO |
| openSUSE-SU-2020:0079 | vendor-advisory | x_refsource_SUSE |
| [debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update | mailing-list | x_refsource_MLIST |