CPE Details
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
CPE Name: cpe:2.3:a:gluster:glusterfs:4.0.2:*:*:*:*:*:*:*
Informations
Vendor
glusterProduct
glusterfsVersion
4.0.2Related CVE
| CVE ID | Publié | Description | Score | Gravité |
|---|---|---|---|---|
| It was discovered that fsync(2) system call in glusterfs client code leaks memory. An authenticated attacker could use this flaw to launch a denial of service attack by making gluster clients consume memory of the host machine. | 6.5 |
Moyen |
||
| glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes. | 8.8 |
Haute |
||
| glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes. NOTE: this vulnerability exists because of a CVE-2018-1088 regression. | 8.8 |
Haute |
