Description: | glusterfs is vulnerable to privilege escalation on gluster server nodes. A gluster client authenticated via TLS could use the gluster CLI to perform privileged gluster operations, such as adding other machines to the trusted storage pool and starting, stopping, and deleting volumes. It was discovered that GlusterFS incorrectly handled user permissions. An authenticated attacker could possibly use this to add themselves to the trusted storage pool and perform privileged operations on volumes.
|