Tendrl API in Red Hat Gluster Storage before 3.4.0 does not immediately remove session tokens after a user logs out. Session tokens remain active for a few minutes allowing attackers to replay tokens acquired via sniffing/MITM attacks and authenticate as the target user.
Weakness
According to WASC, “Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization.”
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Gluster_storage | Redhat | * | 3.4 (excluding) |
| Red Hat Gluster Storage 3.4 for RHEL 7 | RedHat | python-flask-1:0.10.1-5.el7rhgs | * |
| Red Hat Gluster Storage 3.4 for RHEL 7 | RedHat | python-itsdangerous-0:0.23-2.el7 | * |
| Red Hat Gluster Storage 3.4 for RHEL 7 | RedHat | tendrl-ansible-0:1.6.3-7.el7rhgs | * |
| Red Hat Gluster Storage 3.4 for RHEL 7 | RedHat | tendrl-api-0:1.6.3-5.el7rhgs | * |
| Red Hat Gluster Storage 3.4 for RHEL 7 | RedHat | tendrl-commons-0:1.6.3-12.el7rhgs | * |
| Red Hat Gluster Storage 3.4 for RHEL 7 | RedHat | tendrl-gluster-integration-0:1.6.3-10.el7rhgs | * |
| Red Hat Gluster Storage 3.4 for RHEL 7 | RedHat | tendrl-monitoring-integration-0:1.6.3-11.el7rhgs | * |
| Red Hat Gluster Storage 3.4 for RHEL 7 | RedHat | tendrl-node-agent-0:1.6.3-10.el7rhgs | * |
| Red Hat Gluster Storage 3.4 for RHEL 7 | RedHat | tendrl-notifier-0:1.6.3-4.el7rhgs | * |
| Red Hat Gluster Storage 3.4 for RHEL 7 | RedHat | tendrl-ui-0:1.6.3-11.el7rhgs | * |
Potential Mitigations
References
- http://www.securitytracker.com/id/1041597
- https://access.redhat.com/errata/RHSA-2018:2616
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1127
- https://github.com/Tendrl/api/pull/422
- http://www.securitytracker.com/id/1041597
- https://access.redhat.com/errata/RHSA-2018:2616
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1127
- https://github.com/Tendrl/api/pull/422