Vulnerability Description
glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes. NOTE: this vulnerability exists because of a CVE-2018-1088 regression.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gluster | Glusterfs | < 3.10.12 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html
- https://access.redhat.com/articles/3422521Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:1268Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:1269Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1112Issue TrackingThird Party Advisory
- https://review.gluster.org/#/c/19899/1..2Vendor Advisory
- http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html
- https://access.redhat.com/articles/3422521Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:1268Third Party Advisory
- https://access.redhat.com/errata/RHSA-2018:1269Third Party Advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1112Issue TrackingThird Party Advisory
- https://review.gluster.org/#/c/19899/1..2Vendor Advisory
FAQ
What is CVE-2018-1112?
CVE-2018-1112 is a vulnerability with a CVSS score of 8.0 (HIGH). glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from any network to mount gluster storage volume...
How severe is CVE-2018-1112?
CVE-2018-1112 has been rated HIGH with a CVSS base score of 8.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1112?
Check the references section above for vendor advisories and patch information. Affected products include: Gluster Glusterfs.