CVE-2018-1088

Published: 18 Apr 2018
Source: nvd
CVSS3: 8.1
CVSS2: 6.8
EPSS: Low

Description

A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.

Vulnerable configurations

Configuration 1

One of

cpe:2.3:a:redhat:gluster_storage:*:*:*:*:*:*:*:*
Versions from 3.0 (inclusive) to 3.13.2 (inclusive)
cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:virtualization_host:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Configuration 2
cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
Configuration 3
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

EPSS

Percentile: 92%
0.08237
Low

CVSS3: 8.1 High

CVSS2: 6.8 Medium

Weaknesses

CWE-266
NVD-CWE-noinfo

Related vulnerabilities

CVSS3: 8.1
ubuntu
almost 8 years ago

A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.

CVSS3: 8.3
redhat
almost 8 years ago

A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.

CVSS3: 8.1
debian
almost 8 years ago

A privilege escalation flaw was found in gluster 3.x snapshot schedule ...

CVSS3: 8.1
github
more than 3 years ago

A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.

CVSS3: 8.1
fstec
almost 8 years ago

Vulnerability in the gluster_shared_storage function of the gluster storage platform for physical, virtual and cloud environments that allows an attacker to escalate their privileges
