CVE-2018-10841

Summary

CVE	CVE-2018-10841
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2018-06-20 18:29:00 UTC
Updated	2023-02-12 23:31:00 UTC
Description	glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes.

Risk And Classification

Problem Types: CWE-288

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	9.0	All	All	All
Application	Gluster	Glusterfs	All	All	All	All
Application	Gluster	Glusterfs	All	All	All	All

References

Reference	Source	Link	Tags
Red Hat Customer Portal	REDHAT	access.redhat.com	Third Party Advisory
1582043 – (CVE-2018-10841) CVE-2018-10841 glusterfs: access trusted peer group via remote-host command	MISC	bugzilla.redhat.com
1582043 – (CVE-2018-10841) CVE-2018-10841 glusterfs: access trusted peer group via remote-host command	CONFIRM	bugzilla.redhat.com	Issue Tracking, Third Party Advisory
Red Hat Customer Portal	REDHAT	access.redhat.com	Third Party Advisory
CVE-2018-10841 - Red Hat Customer Portal	MISC	access.redhat.com
Gerrit Code Review	CONFIRM	review.gluster.org	Patch, Third Party Advisory
GlusterFS: Multiple Vulnerabilities (GLSA 201904-06) — Gentoo security	GENTOO	security.gentoo.org
[SECURITY] [DLA 2806-1] glusterfs security update	MLIST	lists.debian.org
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

178862 Debian Security Update for glusterfs (DLA 2806-1)
710178 Gentoo Linux GlusterFS Multiple Vulnerabilities Vulnerability (GLSA 201904-06)