CVE-2018-1088
CVSS 3.1: 8.1 (HIGH)
EPSS: 10.8%
Description
A privilege escalation flaw was found in the gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount the shared gluster storage volume and escalate privileges by scheduling a malicious cronjob via a symlink.
How to fix CVE-2018-1088
To remediate CVE-2018-1088, upgrade the affected package to a fixed version below.
- Debian/glusterfs: upgrade to 4.0.2-1 or later
Is CVE-2018-1088 being exploited?
Moderate — EPSS is 10.8%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (1)
- Debian/glusterfs: from 0, < 4.0.2-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 8.1 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |