Описание
glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes.
A flaw was found in glusterfs which can lead to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes.
Отчет
Red Hat Enterprise Linux 6, 7 are not affected by this flaw as it only affects glusterfs-server package. Red Hat Virtualization Hypervisor is not impacted by this flaw, as it uses gluster in a controlled manner via vdsm.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | glusterfs | Not affected | ||
| Red Hat Enterprise Linux 8 | glusterfs | Not affected | ||
| Red Hat Virtualization 4 | redhat-virtualization-host | Not affected | ||
| Native Client for RHEL 6 for Red Hat Storage | glusterfs | Fixed | RHSA-2018:1955 | 20.06.2018 |
| Native Client for RHEL 7 for Red Hat Storage | glusterfs | Fixed | RHSA-2018:1954 | 20.06.2018 |
| Red Hat Gluster Storage 3.3 for RHEL 6 | glusterfs | Fixed | RHSA-2018:1955 | 20.06.2018 |
| Red Hat Gluster Storage 3.3 for RHEL 7 | glusterfs | Fixed | RHSA-2018:1954 | 20.06.2018 |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | glusterfs | Fixed | RHSA-2018:1954 | 20.06.2018 |
Показывать по
Дополнительная информация
Статус:
6.6 Medium
CVSS3
Связанные уязвимости
glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes.
glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes.
glusterfs is vulnerable to privilege escalation on gluster server node ...
glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes.
6.6 Medium
CVSS3