A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.
References
Link | Resource |
---|---|
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html | Mailing List Third Party Advisory |
https://access.redhat.com/errata/RHSA-2018:1136 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2018:1137 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2018:1275 | Vendor Advisory |
https://access.redhat.com/errata/RHSA-2018:1524 | Vendor Advisory |
https://bugzilla.redhat.com/show_bug.cgi?id=1558721 | Issue Tracking Patch Vendor Advisory |
https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/201904-06 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
30 Nov 2021, 22:00
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
|
References | (MLIST) https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html - Mailing List, Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html - Mailing List, Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/201904-06 - Third Party Advisory |
17 Nov 2021, 22:16
Type | Values Removed | Values Added |
---|---|---|
References |
|
10 Nov 2021, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Nov 2021, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CWE | CWE-266 |
Information
Published : 2018-04-18 16:29
Updated : 2024-02-04 19:46
NVD link : CVE-2018-1088
Mitre link : CVE-2018-1088
CVE.ORG link : CVE-2018-1088
JSON object : View
Products Affected
redhat
- gluster_storage
- enterprise_linux_server
- virtualization
- virtualization_host
debian
- debian_linux
opensuse
- leap
CWE