8.1

CVE-2018-1088

A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatGluster Storage Version >= 3.0 <= 3.13.2
RedhatVirtualization Version4.0
RedhatVirtualization Host Version4.0
OpensuseLeap Version15.1
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 5.37% 0.916
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.1 2.2 5.9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-266 Incorrect Privilege Assignment

A product incorrectly assigns a privilege to a particular actor, creating an unintended sphere of control for that actor.

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html
Third Party Advisory
Mailing List
https://access.redhat.com/errata/RHSA-2018:1136
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:1137
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:1275
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:1524
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1558721
Patch
Vendor Advisory
Issue Tracking
https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html
Third Party Advisory
Mailing List
https://security.gentoo.org/glsa/201904-06
Third Party Advisory