Privilege escalation in GlusterFS - CVE-2018-10841

Published: July 16, 2018 / Updated: July 16, 2018


Vulnerability identifier: #VU13886
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2018-10841
CWE-ID: CWE-119
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Gluster Inc.
Affected software: GlusterFS

Detailed vulnerability description

The vulnerability allows a remote authenticated attacker to gain elevated privileges on the target system.

The vulnerability exists due to a boundary error when XXXXX. A remote authenticated gluster client connecting via TLS could use the gluster CLI with the --remote-host option to add itself to the trusted storage pool and then perform privileged gluster operations, such as adding other machines to the trusted storage pool and starting, stopping and deleting volumes.


How to mitigate CVE-2018-10841

Install the update from the vendor's website.

Sources