CVE-2018-1112

Summary

glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes. NOTE: this vulnerability exists because of a CVE-2018-1088 regression.

Affected Software

VendorProductVersion RangeStatus
unspecifiedglusterfsglusterfs 3.10.12affected
unspecifiedglusterfsglusterfs 4.0.2affected

Weaknesses

  • CWE-287: CWE-287

ADP Enrichment

CVE Program Container

Additional References

References