Privilege Escalation Vulnerability in GlusterFS by Red Hat
CVE-2018-10841
6.6MEDIUM
Summary
GlusterFS is susceptible to privilege escalation through an authenticated gluster client utilizing TLS. This vulnerability allows a malicious user to exploit the gluster cli with the --remote-host command, enabling them to incorporate themselves into a trusted storage pool and execute elevated gluster operations, such as adding devices to the trusted pool, starting, stopping, and deleting volumes.
Affected Version(s)
glusterfs all
References
CVSS V3.1
Score:
6.6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved