CVE-2018-1088

A privilege escalation flaw was found in the gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount the shared gluster storage volume and escalate privileges by scheduling a malicious cronjob via a symlink.

Published: 2018-04-18 16:29
Updated: 2019-10-03 00:03

CVSS Score: 6.8 / 10
| Vendor | Product | Version | URI |
|---|---|---|---|
| Redhat | Gluster Storage | 3.1 | cpe:/a:redhat:gluster_storage:3.1 |
| Redhat | Virtualization | 4.0 | cpe:/a:redhat:virtualization:4.0 |
| Redhat | Virtualization Host | 4.0 | cpe:/a:redhat:virtualization_host:4.0 |
| Redhat | Enterprise Linux Server | 6.0 | cpe:/o:redhat:enterprise_linux_server:6.0 |
| Redhat | Enterprise Linux Server | 7.0 | cpe:/o:redhat:enterprise_linux_server:7.0 |
| Redhat | Gluster Storage | 3.0 | cpe:/a:redhat:gluster_storage:3.0 |
| Redhat | Gluster Storage | 3.0.0 | cpe:/a:redhat:gluster_storage:3.0.0 |
| Redhat | Gluster Storage | 3.2 | cpe:/a:redhat:gluster_storage:3.2 |
| Redhat | Gluster Storage | 3.3 | cpe:/a:redhat:gluster_storage:3.3 |
| Redhat | Gluster Storage | 3.4 | cpe:/a:redhat:gluster_storage:3.4 |
| Redhat | Gluster Storage | 3.13 | cpe:/a:redhat:gluster_storage:3.13 |
| Redhat | Gluster Storage | 3.13.1 | cpe:/a:redhat:gluster_storage:3.13.1 |
| Redhat | Gluster Storage | 3.13.2 | cpe:/a:redhat:gluster_storage:3.13.2 |

CWE

There is no CWE for this CVE.

History of changes

Date Event
2019-10-03 00:03
2018-05-23 13:46
2018-05-17 01:29
2018-05-04 01:29
2018-04-20 01:29
2018-04-18 16:29 New CVE