CVE-2018-1088
HIGH 8.1
Description
A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.
CVE details
CVSS v3.1 score: 8.1
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack vector: NETWORK
Complexity: HIGH
Privileges required: NONE
User interaction: NONE
Published: 4/18/2018
Last modified: 11/21/2024
Source: nvd
Honeypot sightings: 0
Affected products
debian:debian_linux
opensuse:leap
redhat:enterprise_linux_server
redhat:gluster_storage
redhat:virtualization
redhat:virtualization_host
Weaknesses (CWE)
CWE-266
References
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html (secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:1136 (secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:1137 (secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:1275 (secalert@redhat.com)
https://access.redhat.com/errata/RHSA-2018:1524 (secalert@redhat.com)
https://bugzilla.redhat.com/show_bug.cgi?id=1558721 (secalert@redhat.com)
https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html (secalert@redhat.com)
https://security.gentoo.org/glsa/201904-06 (secalert@redhat.com)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.