All the vulnerabilites related to Red Hat, Inc. - GlusterFS
cve-2018-1088
Vulnerability from cvelistv5
Published
2018-04-18 16:00
Modified
2024-08-05 03:51
Severity ?
EPSS score ?
Summary
A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.
References
▼ | URL | Tags |
---|---|---|
https://access.redhat.com/errata/RHSA-2018:1137 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2018:1275 | vendor-advisory, x_refsource_REDHAT | |
https://access.redhat.com/errata/RHSA-2018:1524 | vendor-advisory, x_refsource_REDHAT | |
https://bugzilla.redhat.com/show_bug.cgi?id=1558721 | x_refsource_CONFIRM | |
https://access.redhat.com/errata/RHSA-2018:1136 | vendor-advisory, x_refsource_REDHAT | |
https://security.gentoo.org/glsa/201904-06 | vendor-advisory, x_refsource_GENTOO | |
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html | vendor-advisory, x_refsource_SUSE | |
https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html | mailing-list, x_refsource_MLIST |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Red Hat, Inc. | glusterfs |
Version: 3.x |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T03:51:48.797Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "RHSA-2018:1137", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1137" }, { "name": "RHSA-2018:1275", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1275" }, { "name": "RHSA-2018:1524", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1524" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558721" }, { "name": "RHSA-2018:1136", "tags": [ "vendor-advisory", "x_refsource_REDHAT", "x_transferred" ], "url": "https://access.redhat.com/errata/RHSA-2018:1136" }, { "name": "GLSA-201904-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201904-06" }, { "name": "openSUSE-SU-2020:0079", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" }, { "name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "glusterfs", "vendor": "Red Hat, Inc.", "versions": [ { "status": "affected", "version": "3.x" } ] } ], "datePublic": "2018-04-18T00:00:00", "descriptions": [ { "lang": "en", "value": "A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink." } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-266", "description": "CWE-266", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-11-02T02:06:20", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "name": "RHSA-2018:1137", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1137" }, { "name": "RHSA-2018:1275", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1275" }, { "name": "RHSA-2018:1524", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1524" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1558721" }, { "name": "RHSA-2018:1136", "tags": [ "vendor-advisory", "x_refsource_REDHAT" ], "url": "https://access.redhat.com/errata/RHSA-2018:1136" }, { "name": "GLSA-201904-06", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201904-06" }, { "name": "openSUSE-SU-2020:0079", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html" }, { "name": "[debian-lts-announce] 20211101 [SECURITY] [DLA 2806-1] glusterfs security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2021/11/msg00000.html" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2018-1088", "datePublished": "2018-04-18T16:00:00Z", "dateReserved": "2017-12-04T00:00:00", "dateUpdated": "2024-08-05T03:51:48.797Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2017-15096
Vulnerability from cvelistv5
Published
2017-10-26 17:00
Modified
2024-08-05 19:50
Severity ?
EPSS score ?
Summary
A flaw was found in GlusterFS in versions prior to 3.10. A null pointer dereference in send_brick_req function in glusterfsd/src/gf_attach.c may be used to cause denial of service.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1504255 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | Red Hat, Inc. | GlusterFS |
Version: Prior to 3.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T19:50:14.965Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1504255" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "GlusterFS", "vendor": "Red Hat, Inc.", "versions": [ { "status": "affected", "version": "Prior to 3.10" } ] } ], "datePublic": "2017-10-19T00:00:00", "descriptions": [ { "lang": "en", "value": "A flaw was found in GlusterFS in versions prior to 3.10. A null pointer dereference in send_brick_req function in glusterfsd/src/gf_attach.c may be used to cause denial of service." } ], "problemTypes": [ { "descriptions": [ { "description": "Null pointer dereference", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-10-26T16:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1504255" } ] } }, "cveMetadata": { "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2017-15096", "datePublished": "2017-10-26T17:00:00Z", "dateReserved": "2017-10-08T00:00:00", "dateUpdated": "2024-08-05T19:50:14.965Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }