CVE-2018-1088 — Incorrect Privilege Assignment in Redhat Gluster Storage
Severity: 8.1 HIGH (NVD)
EPSS: 10.8% (top 6.64%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Apr 18; latest update May 13
Description
A privilege escalation flaw was found in the gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount the shared gluster storage volume (gluster_shared_storage) and escalate privileges by scheduling a malicious cron job via a symlink. The snapshot scheduler keeps its cron task file on that shared volume and references it from the storage nodes through a symlink, so a client that can write to the shared volume controls a job that cron runs as root on the nodes. The issue is only reachable when snapshot scheduling (and therefore shared storage) is enabled.
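A small audit for the exposure described above, written as an added example (it is not code from this page or from the glusterfs project). It checks two things a practitioner would want to verify on a storage node: whether `gluster_shared_storage` can be mounted by clients outside the trusted pool (auth.allow unset, wildcarded, or listing non-peer addresses), and whether the scheduler's cron hook resolves into the shared-storage mount. The `gluster volume info` text format, the mount point `/var/run/gluster/shared_storage`, the hook path `/etc/cron.d/glusterfs_snap_cron_tasks` and the sample outputs are assumptions and constructed data, not taken from the page.

```python
"""Audit helper for the gluster_shared_storage exposure (added example).

Assumptions not stated on the CVE page: the `gluster volume info` text layout
(Volume Name / Options Reconfigured blocks), the shared-storage mount point and
the snapshot scheduler's cron hook path. Sample outputs below are constructed.
"""
import os
import re

SHARED_VOLUME = "gluster_shared_storage"
SHARED_MOUNT = "/var/run/gluster/shared_storage"        # assumed mount point
CRON_HOOK = "/etc/cron.d/glusterfs_snap_cron_tasks"     # assumed symlink path


def parse_volume_info(text):
    """Parse `gluster volume info` output into {volume: {option: value}}.
    Only the 'Options Reconfigured:' block of each volume is collected."""
    volumes, current, in_options = {}, None, False
    for raw in text.splitlines():
        line = raw.strip()
        name = re.match(r"^Volume Name:\s*(\S+)$", line)
        if name:
            current, in_options = name.group(1), False
            volumes[current] = {}
        elif line == "Options Reconfigured:":
            in_options = True
        elif in_options and current and ":" in line:
            key, _, value = line.partition(":")
            volumes[current][key.strip()] = value.strip()
    return volumes


def audit_shared_storage(volume_info_text, trusted_peers):
    """Return a list of findings. An empty list means the shared volume is
    absent, or only the trusted pool's addresses are allowed to mount it."""
    volumes = parse_volume_info(volume_info_text)
    if SHARED_VOLUME not in volumes:
        return []
    opts = volumes[SHARED_VOLUME]
    findings = []
    # An unset auth.allow behaves like '*': every client may mount the volume.
    allow = opts.get("auth.allow", "*")
    entries = [e.strip() for e in allow.split(",") if e.strip()]
    if not entries or any("*" in e or "?" in e for e in entries):
        findings.append(f"{SHARED_VOLUME}: auth.allow='{allow}' lets any client mount it")
    else:
        extra = sorted(set(entries) - set(trusted_peers))
        if extra:
            findings.append(f"{SHARED_VOLUME}: auth.allow admits non-peer clients {extra}")
    return findings


def cron_hook_points_into_shared_storage(link_target):
    """True if the cron.d entry resolves inside the shared-storage mount, i.e.
    whoever can write to that volume supplies the job root's cron executes."""
    target = os.path.normpath(link_target)
    return os.path.commonpath([target, SHARED_MOUNT]) == SHARED_MOUNT


# Constructed sample: two volumes, shared storage mountable by any client.
WEAK_VOLUME_INFO = """\
Volume Name: data
Type: Replicate
Status: Started
Options Reconfigured:
transport.address-family: inet
nfs.disable: on

Volume Name: gluster_shared_storage
Type: Replicate
Status: Started
Options Reconfigured:
cluster.enable-shared-storage: enable
transport.address-family: inet
nfs.disable: on
"""

# Same cluster after restricting auth.allow to the trusted pool's addresses
# (RFC 5737 documentation addresses, constructed for the example).
HARDENED_VOLUME_INFO = WEAK_VOLUME_INFO + "auth.allow: 192.0.2.10,192.0.2.11,192.0.2.12\n"
TRUSTED_PEERS = ["192.0.2.10", "192.0.2.11", "192.0.2.12"]


if __name__ == "__main__":
    for label, text in (("weak", WEAK_VOLUME_INFO), ("hardened", HARDENED_VOLUME_INFO)):
        print(label, audit_shared_storage(text, TRUSTED_PEERS) or "no findings")
    hook = SHARED_MOUNT + "/snaps/glusterfs_snap_cron_tasks"
    print(CRON_HOOK, "->", hook, cron_hook_points_into_shared_storage(hook))
```

On a live node the same functions apply to the real output of `gluster volume info` and to `os.readlink(CRON_HOOK)`; the trusted peer list is whatever addresses the storage pool's own nodes use. A wildcard or a non-peer address in `auth.allow` on the shared volume is the condition under which an ordinary gluster client gains write access to the cron task the scheduler runs as root.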
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 5.9
Affected packages: 7 packages
Also affects: Debian Linux 9.0
Vulnerability Details

Vendor Advisories
Red Hat (2018-04-19): glusterfs: auth.allow allows unauthenticated clients to mount gluster volumes (CVE-2018-1088 regression; tracked separately as CVE-2018-1112)
Red Hat (2018-04-18): glusterfs: Privilege escalation via gluster_shared_storage when snapshot scheduling is enabled
Debian (2018): CVE-2018-1088: glusterfs - A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any glu...
Community
Bugzilla (2018-04-24): CVE-2018-1112 glusterfs: auth.allow allows unauthenticated clients to mount gluster volumes (CVE-2018-1088 regression) [fedora-all]
Bugzilla (2018-04-23): CVE-2018-1112 glusterfs: auth.allow allows unauthenticated clients to mount gluster volumes (CVE-2018-1088 regression)
Bugzilla (2018-04-22): CVE-2018-1088 glusterfs: Privilege escalation via gluster_shared_storage when snapshot scheduling is enabled [fedora-all]