It was found that the fix for CVE-2018-1088 introduced a new vulnerability in the way ‘auth.allow’ is implemented in the glusterfs server. An unauthenticated gluster client could mount gluster storage volumes regardless of the ‘auth.allow’ setting.
1. Use TLS authentication to authenticate gluster clients, so that access to gluster storage volumes is limited to clients presenting a trusted certificate rather than relying on ‘auth.allow’ alone.
2. The gluster server should be on a LAN, firewalled to trusted systems, and not reachable from public networks.
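Because ‘auth.allow’ cannot be relied on while this issue is present, an administrator will want to confirm that each volume actually enforces TLS client authentication. The following audit script is an added example, not part of the advisory or of the GlusterFS project; it assumes the "Options Reconfigured" section of `gluster volume info VOLNAME` output in its usual `key: value` form and uses constructed sample output, and it checks the `client.ssl`, `server.ssl` and `auth.ssl-allow` volume options.

```shell
#!/bin/sh
# Added example (not from the advisory): audit `gluster volume info` output for the
# TLS settings that replace reliance on auth.allow.
# check_volume_tls exit status: 0 = TLS enforced with a CN allow-list,
#                               2 = TLS enforced but no auth.ssl-allow list,
#                               1 = TLS not enforced (auth.allow is the only control).

# Print the value of option $2 from volume-info text $1; empty if the key is absent.
volume_option() {
    printf '%s\n' "$1" | awk -F': ' -v key="$2" '$1 == key { print $2 }'
}

check_volume_tls() {
    client_ssl=$(volume_option "$1" client.ssl)
    server_ssl=$(volume_option "$1" server.ssl)
    ssl_allow=$(volume_option "$1" auth.ssl-allow)
    if [ "$client_ssl" != "on" ] || [ "$server_ssl" != "on" ]; then
        echo "FAIL: client.ssl/server.ssl not both on; only auth.allow guards this volume"
        return 1
    fi
    if [ -z "$ssl_allow" ]; then
        echo "WARN: TLS on but no auth.ssl-allow list; any CA-signed certificate is accepted"
        return 2
    fi
    echo "OK: TLS client authentication enforced, auth.ssl-allow=$ssl_allow"
    return 0
}

# Constructed sample output for a volume that relies on auth.allow only.
VOL_WEAK=$(cat <<'EOF'
Volume Name: gv0
Status: Started
Options Reconfigured:
auth.allow: 10.0.0.*
nfs.disable: on
EOF
)

# Constructed sample output for a volume with TLS and a certificate-name allow-list.
VOL_TLS=$(cat <<'EOF'
Volume Name: gv1
Status: Started
Options Reconfigured:
client.ssl: on
server.ssl: on
auth.ssl-allow: client1,client2
nfs.disable: on
EOF
)

check_volume_tls "$VOL_WEAK"
check_volume_tls "$VOL_TLS"
```

In practice, feed the script the live output of `gluster volume info` for each volume and treat any FAIL as a volume still depending on the broken ‘auth.allow’ check.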