GlusterFS server before versions 3.10.12 and 4.0.2 is vulnerable when the auth.allow option is used: any unauthenticated Gluster client can connect from any network and mount Gluster storage volumes. NOTE: this vulnerability exists because of a CVE-2018-1088 regression.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Glusterfs | Gluster | * | 3.10.12 (excluding) |
Glusterfs | Gluster | 4.0.2 (including) | 4.0.2 (including) |
Native Client for RHEL 6 for Red Hat Storage | RedHat | glusterfs-0:3.8.4-54.9.el6 | * |
Native Client for RHEL 7 for Red Hat Storage | RedHat | glusterfs-0:3.8.4-54.8.el7 | * |
Red Hat Gluster Storage 3.3 for RHEL 6 | RedHat | glusterfs-0:3.8.4-54.9.el6rhs | * |
Red Hat Gluster Storage 3.3 for RHEL 7 | RedHat | glusterfs-0:3.8.4-54.8.el7rhgs | * |
Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | RedHat | glusterfs-0:3.8.4-54.8.el7 | * |
Glusterfs | Ubuntu | artful | * |
Glusterfs | Ubuntu | bionic | * |
Glusterfs | Ubuntu | xenial | * |