Candidate: CVE-2018-1112
PublicDate: 2018-04-25 12:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1112
 https://bugzilla.redhat.com/show_bug.cgi?id=1570891
 https://access.redhat.com/articles/3422521
 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-1112
 https://review.gluster.org/#/c/19899/1..2
Description:
 glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using
 'auth.allow' option which allows any unauthenticated gluster client to
 connect from any network to mount gluster storage volumes. NOTE: this
 vulnerability exists because of a CVE-2018-1088 regression.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_glusterfs:
upstream_glusterfs: needs-triage
precise/esm_glusterfs: DNE
trusty_glusterfs: not-affected (code not present)
trusty/esm_glusterfs: not-affected (code not present)
xenial_glusterfs: ignored (end of standard support, was needed)
artful_glusterfs: ignored (reached end-of-life)
bionic_glusterfs: needed
cosmic_glusterfs: not-affected (4.0.2-1)
disco_glusterfs: not-affected (4.0.2-1)
eoan_glusterfs: not-affected (4.0.2-1)
focal_glusterfs: not-affected (4.0.2-1)
groovy_glusterfs: not-affected (4.0.2-1)
hirsute_glusterfs: not-affected (4.0.2-1)
impish_glusterfs: not-affected (4.0.2-1)
jammy_glusterfs: not-affected (4.0.2-1)
devel_glusterfs: not-affected (4.0.2-1)