Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2018-1112
Modified
More InfoOfficial Page
Source-secalert@redhat.com
View Known Exploited Vulnerability (KEV) details
Published At-25 Apr, 2018 | 12:29
Updated At-09 Oct, 2019 | 23:38

glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes. NOTE: this vulnerability exists because of a CVE-2018-1088 regression.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.08.8HIGH
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Secondary3.08.0HIGH
CVSS:3.0/AV:A/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Primary2.07.5HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
CPE Matches
gluster
gluster
>>glusterfs>>Versions before 3.10.12(exclusive)
cpe:2.3:a:gluster:glusterfs:*:*:*:*:*:*:*:*
gluster
gluster
>>glusterfs>>4.0.2
cpe:2.3:a:gluster:glusterfs:4.0.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE-287Secondarysecalert@redhat.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.htmlsecalert@redhat.com
N/A
https://access.redhat.com/articles/3422521secalert@redhat.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1268secalert@redhat.com
Third Party Advisory
https://access.redhat.com/errata/RHSA-2018:1269secalert@redhat.com
Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1112secalert@redhat.com
Issue Tracking
Third Party Advisory
https://review.gluster.org/#/c/19899/1..2secalert@redhat.com
Vendor Advisory
Change History
0Changes found
Details not found