CVE-2018-1088
8.1
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 / Impact: 5.9
Source: NVD
Description
A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.
Affected (7)
Products: Redhat: Enterprise Linux Server, Gluster Storage, Virtualization, Virtualization Host · Opensuse: Leap · Debian: Debian Linux
Configuration A
| Vulnerable Software | Affected Versions |
|---|---|
| Version 6.0 | |
| From 3.0 to 3.13.2 | |
| Version 4.0 | |
| Version 4.0 |
Configuration C
| Vulnerable Software | Affected Versions |
|---|---|
| Version 9.0 |
References (16)
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: secalert@redhat.com
Issue TrackingPatchVendor Advisory
Source: secalert@redhat.com
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue TrackingPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Timeline
No history available yet.