CVE-2018-10841

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-10841
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-10841.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-10841
Published
2018-06-20T18:29:00Z
Modified
2024-10-12T03:04:21.799118Z
Severity
  • 8.8 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

glusterfs is vulnerable to privilege escalation on gluster server nodes. A gluster client authenticated via TLS could use the gluster CLI with the --remote-host option to add itself to the trusted storage pool and perform privileged gluster operations, such as adding other machines to the trusted storage pool and starting, stopping, and deleting volumes.

Affected packages

Debian:11 / glusterfs

Package

Name
glusterfs
Purl
pkg:deb/debian/glusterfs?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.1.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / glusterfs

Package

Name
glusterfs
Purl
pkg:deb/debian/glusterfs?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.1.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / glusterfs

Package

Name
glusterfs
Purl
pkg:deb/debian/glusterfs?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
4.1.2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/gluster/glusterfs

Affected ranges

Type
GIT
Repo
https://github.com/gluster/glusterfs
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

2.*

2.0.0
2.0.0rc2
2.0.0rc3
2.0.0rc5
2.0.0rc6
2.0.0rc7
2.0.0rc8
2.0.0rc9
2.0.1

branchpoint-3.*

branchpoint-3.2

v3.*

v3.0.0
v3.0.0pre1
v3.0.1rc1
v3.0.1rc2
v3.0.1rc3
v3.0.1rc4
v3.0.1rc5
v3.1.0
v3.1.0alpha
v3.1.0beta
v3.1.0prealpha1
v3.1.0prealpha2
v3.1.0prealpha3
v3.1.0prealpha4
v3.1.0qa10
v3.1.0qa11
v3.1.0qa12
v3.1.0qa13
v3.1.0qa14
v3.1.0qa15
v3.1.0qa16
v3.1.0qa17
v3.1.0qa18
v3.1.0qa19
v3.1.0qa2
v3.1.0qa20
v3.1.0qa21
v3.1.0qa22
v3.1.0qa23
v3.1.0qa24
v3.1.0qa25
v3.1.0qa26
v3.1.0qa27
v3.1.0qa28
v3.1.0qa29
v3.1.0qa3
v3.1.0qa30
v3.1.0qa31
v3.1.0qa32
v3.1.0qa33
v3.1.0qa34
v3.1.0qa35
v3.1.0qa36
v3.1.0qa37
v3.1.0qa38
v3.1.0qa39
v3.1.0qa4
v3.1.0qa40
v3.1.0qa41
v3.1.0qa42
v3.1.0qa43
v3.1.0qa44
v3.1.0qa45
v3.1.0qa46
v3.1.0qa5
v3.1.0qa6
v3.1.0qa7
v3.1.0qa8
v3.1.0qa9
v3.1.1
v3.1.1qa1
v3.1.1qa10
v3.1.1qa11
v3.1.1qa2
v3.1.1qa3
v3.1.1qa4
v3.1.1qa5
v3.1.1qa6
v3.1.1qa7
v3.1.1qa8
v3.1.1qa9
v3.1.2
v3.1.2gsyncqa4
v3.1.2gsyncqa5
v3.1.2gsyncqa6
v3.1.2qa1
v3.1.2qa2
v3.1.2qa3
v3.1.2qa4
v3.1.3qa1
v3.1.3qa2
v3.1.3qa3
v3.1.3qa4
v3.1.3qa5
v3.10dev
v3.11dev
v3.12dev
v3.2.0
v3.2.0qa10
v3.2.0qa11
v3.2.0qa12
v3.2.0qa13
v3.2.0qa14
v3.2.0qa15
v3.2.0qa16
v3.2.0qa4
v3.2.0qa5
v3.2.0qa6
v3.2.0qa7
v3.2.0qa8
v3.2.0qa9
v3.3.0beta3
v3.3.0qa1
v3.3.0qa10
v3.3.0qa11
v3.3.0qa12
v3.3.0qa13
v3.3.0qa14
v3.3.0qa15
v3.3.0qa16
v3.3.0qa17
v3.3.0qa18
v3.3.0qa19
v3.3.0qa2
v3.3.0qa20
v3.3.0qa21
v3.3.0qa22
v3.3.0qa23
v3.3.0qa24
v3.3.0qa26
v3.3.0qa27
v3.3.0qa28
v3.3.0qa29
v3.3.0qa3
v3.3.0qa30
v3.3.0qa31
v3.3.0qa32
v3.3.0qa33
v3.3.0qa34
v3.3.0qa35
v3.3.0qa36
v3.3.0qa37
v3.3.0qa38
v3.3.0qa39
v3.3.0qa4
v3.3.0qa5
v3.3.0qa6
v3.3.0qa7
v3.3.0qa8
v3.3.0qa9
v3.3beta2
v3.4.0alpha
v3.4.0qa3
v3.4.0qa4
v3.4.0qa5
v3.4.0qa6
v3.4.0qa7
v3.4.0qa8
v3.5.0qa1
v3.5qa2
v3.7dev
v3.8dev
v3.9dev

v4.*

v4.0dev
v4.0dev1
v4.1.0
v4.1.0alpha
v4.1.0rc0
v4.1.1
v4.1.2
v4.1.3
v4.1.4
v4.1.5
v4.1.6
v4.1.7
v4.1dev
v4.2dev