CVE-2018-10841

Priority
Description
glusterfs is vulnerable to privilege escalation on gluster server nodes. An
authenticated gluster client via TLS could use the gluster CLI with the
--remote-host option to add itself to the trusted storage pool and perform
privileged gluster operations such as adding other machines to the trusted
storage pool and starting, stopping, and deleting volumes.
Ubuntu-Description
It was discovered that GlusterFS incorrectly handled user permissions. An
authenticated attacker could possibly use this to add himself to the trusted
storage pool and perform privileged operations on volumes.
Notes
Package
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): not-affected (code not present)
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 18.04 LTS (Bionic Beaver): needed
Ubuntu 19.04 (Disco Dingo): not-affected (4.1.2-1)
Ubuntu 19.10 (Eoan): not-affected (4.1.2-1)
More Information

Updated: 2019-10-18 02:35:59 UTC (commit cccfc4426d8c1fbf582a89d981fe7fc812124543)