CVE-2018-1112
Description
The glusterfs server before versions 3.10.12 and 4.0.2 is vulnerable when the auth.allow option is used: any unauthenticated gluster client can connect from any network and mount gluster storage volumes. NOTE: this vulnerability exists because of a CVE-2018-1088 regression.
Risk Information
Base Score
8.8
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
1.953
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| (RHSA-2018:1268) Important: glusterfs security update glusterfs-3.8.4-54.9.el6.x86_64.rpm | Linux |
| (RHSA-2018:1268) Important: glusterfs security update glusterfs-api-3.8.4-54.9.el6.x86_64.rpm | Linux |
| (RHSA-2018:1268) Important: glusterfs security update glusterfs-api-devel-3.8.4-54.9.el6.x86_64.rpm | Linux |
| (RHSA-2018:1268) Important: glusterfs security update glusterfs-cli-3.8.4-54.9.el6.x86_64.rpm | Linux |
| (RHSA-2018:1268) Important: glusterfs security update glusterfs-client-xlators-3.8.4-54.9.el6.x86_64.rpm | Linux |
| (RHSA-2018:1268) Important: glusterfs security update glusterfs-devel-3.8.4-54.9.el6.x86_64.rpm | Linux |
| (RHSA-2018:1268) Important: glusterfs security update glusterfs-fuse-3.8.4-54.9.el6.x86_64.rpm | Linux |
| (RHSA-2018:1268) Important: glusterfs security update glusterfs-libs-3.8.4-54.9.el6.x86_64.rpm | Linux |
| (RHSA-2018:1268) Important: glusterfs security update glusterfs-rdma-3.8.4-54.9.el6.x86_64.rpm | Linux |
| (RHSA-2018:1268) Important: glusterfs security update python-gluster-3.8.4-54.9.el6.noarch.rpm | Linux |
| (RHSA-2018:1269) Important: glusterfs security update glusterfs-3.8.4-54.8.el7.x86_64.rpm | Linux |
| (RHSA-2018:1269) Important: glusterfs security update glusterfs-api-3.8.4-54.8.el7.x86_64.rpm | Linux |
| (RHSA-2018:1269) Important: glusterfs security update glusterfs-api-devel-3.8.4-54.8.el7.x86_64.rpm | Linux |
| (RHSA-2018:1269) Important: glusterfs security update glusterfs-cli-3.8.4-54.8.el7.x86_64.rpm | Linux |
| (RHSA-2018:1269) Important: glusterfs security update glusterfs-client-xlators-3.8.4-54.8.el7.x86_64.rpm | Linux |
| (RHSA-2018:1269) Important: glusterfs security update glusterfs-devel-3.8.4-54.8.el7.x86_64.rpm | Linux |
| (RHSA-2018:1269) Important: glusterfs security update glusterfs-fuse-3.8.4-54.8.el7.x86_64.rpm | Linux |
| (RHSA-2018:1269) Important: glusterfs security update glusterfs-libs-3.8.4-54.8.el7.x86_64.rpm | Linux |
| (RHSA-2018:1269) Important: glusterfs security update glusterfs-rdma-3.8.4-54.8.el7.x86_64.rpm | Linux |
| (RHSA-2018:1269) Important: glusterfs security update python-gluster-3.8.4-54.8.el7.noarch.rpm | Linux |
Patch Details
No records found
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234