CVE-2018-1112
published 2018-04-25CVE-2018-1112: glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from…
high8.8CVSS 3.0
AVNACLPRLUINSUCHIHAH
glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes. NOTE: this vulnerability exists because of a CVE-2018-1088 regression.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | glusterfs | — | — |
| gluster | glusterfs | < 3.10.12 | 3.10.12 |
| gluster | glusterfs | — | — |
| gluster | glusterfs | >= 0 < 3.7.6-1ubuntu1+esm1 | 3.7.6-1ubuntu1+esm1 |
| gluster | glusterfs | >= 0 < 3.13.2-1ubuntu1+esm1 | 3.13.2-1ubuntu1+esm1 |
CVSS provenance
nvdv3.08.8HIGHCVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
osv8.1HIGH