Lucene search

K

RedhatCVELIST:CVE-2018-1088

HistoryApr 18, 2018 - 4:00 p.m.

CVE-2018-1088

2018-04-1816:00:00

CWE-266

redhat

www.cve.org

8.1 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.9%

A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.

CNA Affected

[
  {
    "product": "glusterfs",
    "vendor": "Red Hat, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "3.x"
      }
    ]
  }
]

References

lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html

access.redhat.com/errata/RHSA-2018:1136

access.redhat.com/errata/RHSA-2018:1137

access.redhat.com/errata/RHSA-2018:1275

access.redhat.com/errata/RHSA-2018:1524

bugzilla.redhat.com/show_bug.cgi?id=1558721

lists.debian.org/debian-lts-announce/2021/11/msg00000.html

security.gentoo.org/glsa/201904-06

8.1 High

AI Score

Confidence

High

0.008 Low

EPSS

Percentile

81.9%

Related for CVELIST:CVE-2018-1088

nessus14 openvas6 veracode2 redhatcve3 fedora3 osv4 cve2 nvd2 prion2 redhat6 debiancve2 ubuntucve2 cvelist1 suse1 gentoo1 debian1 ubuntu1