CVE-2018-10841

6.6MEDIUM

Key Information:

Vendor
Red Hat
Status
Glusterfs
Vendor
CVE Published:
20 June 2018

Summary

glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes.

Affected Version(s)

glusterfs all

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10841
x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2018:1955
vendor-advisoryx_refsource_REDHAT
https://review.gluster.org/#/c/20328/
x_refsource_CONFIRM

CVSS V3.1

Score:
6.6
Severity:
MEDIUM
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Adjacent Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.