) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.
Search Results (Refine Search)
- CPE Product Version: cpe:/a:gluster:glusterfs:2.0.3
| Vuln ID | Summary | CVSS Severity |
|---|---|---|
| CVE-2018-10841 |
glusterfs is vulnerable to privilege escalation on gluster server nodes. An authenticated gluster client via TLS could use gluster cli with --remote-host command to add it self to trusted storage pool and perform privileged gluster operations like adding other machines to trusted storage pool, start, stop, and delete volumes. Published: June 20, 2018; 2:29:00 PM -0400 |
V3.1: 8.8 HIGH V2.0: 6.5 MEDIUM |
| CVE-2018-1112 |
glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes. NOTE: this vulnerability exists because of a CVE-2018-1088 regression. Published: April 25, 2018; 8:29:00 AM -0400 |
V3.0: 8.8 HIGH V2.0: 7.5 HIGH |
| CVE-2017-15096 |
A flaw was found in GlusterFS in versions prior to 3.10. A null pointer dereference in send_brick_req function in glusterfsd/src/gf_attach.c may be used to cause denial of service. Published: October 26, 2017; 1:29:00 PM -0400 |
V3.0: 3.3 LOW V2.0: 2.1 LOW |