2 matches found
CVE-2018-1112
Summary (CVE-2018-1112) GlusterFS server before 3.10.12 and 4.0.2 is vulnerable when using the auth.allow option. This allows any unauthenticated Gluster client to connect from any network and mount Gluster volumes. The issue is a regression from CVE-2018-1088. Connected advisories corroborate th...
CVE-2018-10841
GlusterFS on server nodes is vulnerable to privilege escalation via an authenticated TLS client that uses gluster CLI --remote-host to add itself to the trusted storage pool and perform privileged operations (e.g., managing volumes). The description specifies the root cause as a trust-pool escala...