VDB
CVE-2018-1088
CVE-2018-1088
PUBLISHED
A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.
EPSS 10.78% · 93.5th percentile
Risk Scores
EPSS Score
10.78%
93.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:Pro:18.04:LTS | glusterfs | 0, 3.11.2-1, 3.12.2-1 |
| Ubuntu:Pro:16.04:LTS | glusterfs | 0, 3.7.3-1ubuntu1, 3.7.3-1ubuntu2 |
Exploit Intelligence
- Exploit for Red Hat / GlusterFS CVE-2018-1088 & CVE-2018-1112, featured @ DEFCON 26, Las Vegas! (github-poc-repo)
- Exploit for Red Hat / GlusterFS CVE-2018-1088 & CVE-2018-1112, featured @ DEFCON 26, Las Vegas! (github-poc-repo)
- Exploit for Red Hat / GlusterFS CVE-2018-1088 & CVE-2018-1112, featured @ DEFCON 26, Las Vegas! (github-poc-repo)
- Exploit for Red Hat / GlusterFS CVE-2018-1088 & CVE-2018-1112, featured @ DEFCON 26, Las Vegas! (github-poc-repo)
- Exploit for Red Hat / GlusterFS CVE-2018-1088 & CVE-2018-1112, featured @ DEFCON 26, Las Vegas! (github-poc-repo)
- Exploit for Red Hat / GlusterFS CVE-2018-1088 & CVE-2018-1112, featured @ DEFCON 26, Las Vegas! (github-poc-repo)
- Exploit for Red Hat / GlusterFS CVE-2018-1088 & CVE-2018-1112, featured @ DEFCON 26, Las Vegas! (github-poc)
- Exploit for Red Hat / GlusterFS CVE-2018-1088 & CVE-2018-1112, featured @ DEFCON 26, Las Vegas! (github-poc)
- Exploit for Red Hat / GlusterFS CVE-2018-1088 & CVE-2018-1112, featured @ DEFCON 26, Las Vegas! (github-poc)
- Exploit for Red Hat / GlusterFS CVE-2018-1088 & CVE-2018-1112, featured @ DEFCON 26, Las Vegas! (github-poc)
…and 1 more exploits
Timeline
- Apr 18, 2018 CVE Published
- Apr 14, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Feb 3, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 11, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-1088 third-party-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1558721 third-party-advisory
- https://ubuntu.com/security/notices/USN-4770-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-1088 third-party-advisory