CVE-2018-1088
N/A
N/A
Summary
A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat, Inc. | glusterfs | 3.x | affected |
Weaknesses
- CWE-266: CWE-266
ADP Enrichment
CVE Program Container
Additional References
- https://access.redhat.com/errata/RHSA-2018:1137
- https://access.redhat.com/errata/RHSA-2018:1275
- https://access.redhat.com/errata/RHSA-2018:1524
- https://bugzilla.redhat.com/show_bug.cgi?id=1558721
- https://access.redhat.com/errata/RHSA-2018:1136
- https://security.gentoo.org/glsa/201904-06
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html
- https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html
References
- https://access.redhat.com/errata/RHSA-2018:1137
- https://access.redhat.com/errata/RHSA-2018:1275
- https://access.redhat.com/errata/RHSA-2018:1524
- https://bugzilla.redhat.com/show_bug.cgi?id=1558721
- https://access.redhat.com/errata/RHSA-2018:1136
- https://security.gentoo.org/glsa/201904-06
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html
- https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.