Lucene search

K

RedhatCVELIST:CVE-2018-1088

HistoryApr 18, 2018 - 4:00 p.m.

CVE-2018-1088

2018-04-1816:00:00

CWE-266

redhat

www.cve.org

9

AI Score

8.1

Confidence

High

EPSS

0.008

Percentile

81.9%

A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.

CNA Affected

[
  {
    "product": "glusterfs",
    "vendor": "Red Hat, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "3.x"
      }
    ]
  }
]

References

lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html

access.redhat.com/errata/RHSA-2018:1136

access.redhat.com/errata/RHSA-2018:1137

access.redhat.com/errata/RHSA-2018:1275

access.redhat.com/errata/RHSA-2018:1524

bugzilla.redhat.com/show_bug.cgi?id=1558721

lists.debian.org/debian-lts-announce/2021/11/msg00000.html

security.gentoo.org/glsa/201904-06

AI Score

8.1

Confidence

High

EPSS

0.008

Percentile

81.9%

Related for CVELIST:CVE-2018-1088

nessus14 redhatcve3 fedora3 ubuntucve2 prion2 redhat6 debiancve2 openvas6 veracode2 osv4 nvd2 cve2 cvelist1 suse1 debian1 gentoo1 ubuntu1