8.1
CVE-2018-1088
- EPSS 5.37%
- Veröffentlicht 18.04.2018 16:29:00
- Zuletzt bearbeitet 21.11.2024 03:59:09
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Redhat ≫ Gluster Storage Version >= 3.0 <= 3.13.2
Redhat ≫ Virtualization Version4.0
Redhat ≫ Virtualization Host Version4.0
Redhat ≫ Enterprise Linux Server Version6.0
Redhat ≫ Enterprise Linux Server Version7.0
Debian ≫ Debian Linux Version9.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 5.37% | 0.916 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.8 | 8.6 | 6.4 |
AV:N/AC:M/Au:N/C:P/I:P/A:P
|
CWE-266 Incorrect Privilege Assignment
A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html
https://access.redhat.com/errata/RHSA-2018:1136
https://access.redhat.com/errata/RHSA-2018:1137
https://access.redhat.com/errata/RHSA-2018:1275
https://access.redhat.com/errata/RHSA-2018:1524
https://bugzilla.redhat.com/show_bug.cgi?id=1558721
https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html
https://security.gentoo.org/glsa/201904-06