PT-2018-10440 · Red Hat · Red Hat Gluster Storage

Sidhax

Published

2018-09-11

Updated

2019-10-09

CVE-2018-1127

CVSS v3.1

8.1

High

Vector

AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Red Hat Gluster Storage versions prior to 3.4.0

Description The issue allows attackers to replay session tokens and authenticate as the target user. This can occur when session tokens remain active for a few minutes after a user logs out, enabling attackers to use tokens acquired via sniffing or man-in-the-middle (MITM) attacks.

Recommendations For versions prior to 3.4.0, update to version 3.4.0 or later to resolve the issue.

Fix

Session Fixation

Insufficient Session Expiration

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-384CWE-613

Related Identifiers

CVE-2018-1127

RHSA-2018:2616

Affected Products

Red Hat Gluster Storage

PT-2018-10440 · Red Hat · Red Hat Gluster Storage

CVE-2018-1127

Weakness Enumeration

Related Identifiers

Affected Products

References · 6