glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with –remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes.
Weakness
The product requires authentication, but the product has an alternate path or channel that does not require authentication.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Glusterfs | Gluster | * | 4.1.8 (excluding) |
| Native Client for RHEL 6 for Red Hat Storage | RedHat | glusterfs-0:3.8.4-54.11.el6 | * |
| Native Client for RHEL 7 for Red Hat Storage | RedHat | glusterfs-0:3.8.4-54.10.el7 | * |
| Red Hat Gluster Storage 3.3 for RHEL 6 | RedHat | glusterfs-0:3.8.4-54.11.el6rhs | * |
| Red Hat Gluster Storage 3.3 for RHEL 7 | RedHat | glusterfs-0:3.8.4-54.10.el7rhgs | * |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | RedHat | glusterfs-0:3.8.4-54.10.el7 | * |
| Glusterfs | Ubuntu | artful | * |
| Glusterfs | Ubuntu | bionic | * |
| Glusterfs | Ubuntu | cosmic | * |
| Glusterfs | Ubuntu | esm-apps/bionic | * |
| Glusterfs | Ubuntu | esm-apps/xenial | * |
| Glusterfs | Ubuntu | xenial | * |
Potential Mitigations
Related Attack Patterns
References
- https://access.redhat.com/errata/RHSA-2018:1954
- https://access.redhat.com/errata/RHSA-2018:1955
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10841
- https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html
- https://review.gluster.org/#/c/20328/
- https://security.gentoo.org/glsa/201904-06
- https://access.redhat.com/errata/RHSA-2018:1954
- https://access.redhat.com/errata/RHSA-2018:1955
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10841
- https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html
- https://review.gluster.org/#/c/20328/
- https://security.gentoo.org/glsa/201904-06