CVSS: 8.8EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1112 – glusterfs: auth.allow allows unauthenticated clients to mount gluster volumes (CVE-2018-1088 regression)
https://notcve.org/view.php?id=CVE-2018-1112
glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes. NOTE: this vulnerability exists because of a CVE-2018-1088 regression. El servidor glusterfs 3.10.12 y 4.0.2 es vulnerable cuando se emplea la opción "auth.allow", que permite que cualquier cliente de gluster no autenticado se conecte desde cualquier red para montar volúmenes de almacenamiento de gluster. NOTA: esta vulnerabilidad existe debido a una regresión de CVE-2018-1088 It was found that fix for CVE-2018-1088 introduced a new vulnerability in the way 'auth.allow' is implemented in glusterfs server. An unauthenticated gluster client could mount gluster storage volumes. • http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00035.html https://access.redhat.com/articles/3422521 https://access.redhat.com/errata/RHSA-2018:1268 https://access.redhat.com/errata/RHSA-2018:1269 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1112 https://review.gluster.org/#/c/19899/1..2 https://access.redhat.com/security/cve/CVE-2018-1112 https://bugzilla.redhat.com/show_bug.cgi?id=1570891 • CWE-287: Improper Authentication •