A flaw was found in RPC requests using gfs3_rename_req in the glusterfs server. An authenticated attacker could use this flaw to write to a destination outside the gluster volume.
To limit exposure of gluster server nodes:
1. Gluster servers should be on a LAN and not reachable from public networks.
2. Use gluster auth.allow and auth.reject.
3. Use TLS certificates to authenticate gluster clients.
Caveat: This does not protect against attacks by authenticated gluster clients.
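
An added example, not part of the original advisory: a shell function that audits the output of "gluster volume info" for items 2 and 3 above, flagging volumes whose auth.allow is unset or "*" or whose server.ssl/client.ssl is not on. The sample output, volume names and addresses are constructed for illustration.

```shell
#!/bin/sh
# SAMPLE_INFO is constructed sample text in the `gluster volume info` layout.
SAMPLE_INFO='Volume Name: gv0
Type: Replicate
Status: Started
Options Reconfigured:
auth.allow: 192.168.10.*
auth.ssl-allow: client1.example.internal
server.ssl: on
client.ssl: on

Volume Name: scratch
Type: Distribute
Status: Started
Options Reconfigured:
performance.readdir-ahead: on'

# audit_volumes: read `gluster volume info` text on stdin and print one line
# per volume: "<name> OK" or "<name> WEAK <reasons>".
audit_volumes() {
    awk '
    function report() {
        if (vol == "") return
        why = ""
        # auth.allow defaults to "*" (any address) when it is not set.
        if (allow == "" || allow == "*") why = why " auth.allow-open"
        if (sssl != "on") why = why " server.ssl-off"
        if (cssl != "on") why = why " client.ssl-off"
        status = (why == "") ? " OK" : " WEAK" why
        print vol status
    }
    /^Volume Name:/ { report(); vol = $3; allow = ""; sssl = ""; cssl = "" }
    /^auth\.allow:/ { allow = $2 }
    /^server\.ssl:/ { sssl = $2 }
    /^client\.ssl:/ { cssl = $2 }
    END { report() }
    '
}

# On a server node: gluster volume info | audit_volumes
# Remediation for a flagged volume (VOLNAME and the address are placeholders):
#   gluster volume set VOLNAME auth.allow '192.168.10.*'
#   gluster volume set VOLNAME server.ssl on
#   gluster volume set VOLNAME client.ssl on
printf '%s\n' "$SAMPLE_INFO" | audit_volumes
```

A volume reported as OK here is still exposed to clients that pass these checks, as the caveat above states.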