CVE-2018-1088

8.1HIGH

Key Information:

Vendor
Red Hat
Status
Glusterfs
Vendor
CVE Published:
18 April 2018

Badges

πŸ‘Ύ Exploit Exists🟑 Public PoC

Summary

A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.

Affected Version(s)

glusterfs 3.x

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

GEVAUDAN
Created by MauroEldritch

References

https://access.redhat.com/errata/RHSA-2018:1137
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1275
vendor-advisoryx_refsource_REDHAT
https://access.redhat.com/errata/RHSA-2018:1524
vendor-advisoryx_refsource_REDHAT

CVSS V3.1

Score:
8.1
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟑

    Public PoC available

  • πŸ‘Ύ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.