Vulnerabilities > Gluster > Glusterfs > 4.0.2
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-09-04 | CVE-2018-10924 | Missing Release of Resource after Effective Lifetime vulnerability in Gluster Glusterfs It was discovered that fsync(2) system call in glusterfs client code leaks memory. | 6.8 |
2018-06-20 | CVE-2018-10841 | Authentication Bypass Using an Alternate Path or Channel vulnerability in multiple products glusterfs is vulnerable to privilege escalation on gluster server nodes. | 8.8 |
2018-04-25 | CVE-2018-1112 | Unspecified vulnerability in Gluster Glusterfs glusterfs server before versions 3.10.12, 4.0.2 is vulnerable when using 'auth.allow' option which allows any unauthenticated gluster client to connect from any network to mount gluster storage volumes. | 7.5 |