Описание
A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | ignored | end of standard support, was needed |
| cosmic | not-affected | 4.0.2-1 |
| devel | not-affected | 4.0.2-1 |
| disco | not-affected | 4.0.2-1 |
| eoan | not-affected | 4.0.2-1 |
| esm-apps/bionic | released | 3.13.2-1ubuntu1+esm1 |
| esm-apps/focal | not-affected | 4.0.2-1 |
| esm-apps/xenial | released | 3.7.6-1ubuntu1+esm1 |
| esm-infra-legacy/trusty | not-affected | code not present |
Показывать по
EPSS
6.8 Medium
CVSS2
8.1 High
CVSS3
Связанные уязвимости
A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.
A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.
A privilege escalation flaw was found in gluster 3.x snapshot schedule ...
A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.
Уязвимость функции gluster_shared_storage платформы хранения для физических, виртуальных и облачных сред gluster, позволяющая нарушителю повысить свои привилегии
EPSS
6.8 Medium
CVSS2
8.1 High
CVSS3