CVE-2018-1112

high

Description

The glusterfs server before versions 3.10.12 and 4.0.2 is vulnerable when the 'auth.allow' option is used: any unauthenticated gluster client can connect from any network and mount gluster storage volumes. NOTE: this vulnerability exists because of a CVE-2018-1088 regression.

References

https://review.gluster.org/#/c/19899/1..2

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1112

https://access.redhat.com/errata/RHSA-2018:1269

https://access.redhat.com/errata/RHSA-2018:1268

https://access.redhat.com/articles/3422521

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html

Details

Source: Mitre, NVD

Published: 2018-04-25

Updated: 2019-10-09

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High