CVE-2018-10841 — Authentication Bypass Using an Alternate Path or Channel in Glusterfs
Severity
8.8 HIGH (NVD)
EPSS
0.7%
top 28.34%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jun 20
Latest update: May 13
Description
glusterfs is vulnerable to privilege escalation on gluster server nodes. A gluster client authenticated via TLS could use the gluster CLI with the --remote-host option to add itself to the trusted storage pool and then perform privileged gluster operations, such as adding other machines to the trusted storage pool and starting, stopping, and deleting volumes.
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.8 | Impact: 5.9
Affected Packages: 3 packages
Also affects: Debian Linux 9.0
Patches
Vulnerability Details (4)
GHSA
GHSA-383h-f6wm-hpxc: glusterfs is vulnerable to privilege escalation on gluster server nodes (2022-05-13)
OSV
CVEList
Vendor Advisories (3)
Community (6)
Bugzilla
CVE-2018-10841 glusterfs: access trusted peer group via remote-host command [glusterfs upstream] (2018-06-21)
Bugzilla
CVE-2018-10841 glusterfs: access trusted peer group via remote-host command [glusterfs upstream] (2018-06-20)