First published: Mon Apr 23 2018
glusterfs server before versions 3.10.12 and 4.0.2 is vulnerable when the 'auth.allow' option is used: any unauthenticated gluster client can connect from any network and mount gluster storage volumes. NOTE: this vulnerability exists because of a CVE-2018-1088 regression.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/glusterfs | <3.10.12 | 3.10.12 |
redhat/glusterfs | <4.0.2 | 4.0.2 |
Gluster GlusterFS | <3.10.12 | |
Gluster GlusterFS | =4.0.2 | |
The vulnerability ID for this glusterfs server vulnerability is CVE-2018-1112.
The CVE-2018-1112 vulnerability has a severity rating of 8.8 (High).
Versions 3.10.12 and 4.0.2 of glusterfs server are affected by CVE-2018-1112.
To fix the CVE-2018-1112 vulnerability, update glusterfs server to version 3.10.12 or 4.0.2.
You can find more information about the CVE-2018-1112 vulnerability in the references provided: [link 1](http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html), [link 2](https://access.redhat.com/articles/3422521), [link 3](https://access.redhat.com/errata/RHSA-2018:1268).