PT-2018-10316 · Red Hat+1 · Glusterfs+1

Pedro Sampaio

Publicado

2018-04-25

Atualizado

2020-01-20

CVE-2018-1112

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions glusterfs versions prior to 3.10.12 glusterfs versions prior to 4.0.2

Description The issue allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes when using the auth.allow option. This is due to a regression of a previously fixed issue.

Recommendations For versions prior to 3.10.12, update to version 3.10.12 or later. For versions prior to 4.0.2, update to version 4.0.2 or later.

Correção

Improper Authentication

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-287

Identificadores relacionados

CVE-2018-1112

OPENSUSE-SU-2020:0079-1

OPENSUSE-SU-2020_0079-1

RHSA-2018:1268

RHSA-2018:1269

Produtos afetados

Suse

Glusterfs

PT-2018-10316 · Red Hat+1 · Glusterfs+1

CVE-2018-1112

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 59