cve/2018/CVE-2018-1088.md

### [CVE-2018-1088](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1088)
![](https://img.shields.io/static/v1?label=Product&message=glusterfs&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%203.x%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-266&color=brighgreen)

### Description

A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/0xT11/CVE-POC
- https://github.com/ARPSyndicate/cvemon
- https://github.com/MauroEldritch/GEVAUDAN
- https://github.com/anquanscan/sec-tools
- https://github.com/developer3000S/PoC-in-GitHub
- https://github.com/hectorgie/PoC-in-GitHub
Update Sun May 26 14:27:04 CEST 2024 2024-05-26 14:27:05 +02:00			`### [CVE-2018-1088](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1088)`
			`![](https://img.shields.io/static/v1?label=Product&message=glusterfs&color=blue)`
			`![](https://img.shields.io/static/v1?label=Version&message=%3D%203.x%20&color=brighgreen)`
			`![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-266&color=brighgreen)`

			`### Description`

			`A privilege escalation flaw was found in gluster 3.x snapshot scheduler. Any gluster client allowed to mount gluster volumes could also mount shared gluster storage volume and escalate privileges by scheduling malicious cronjob via symlink.`

			`### POC`

			`#### Reference`
			`No PoCs from references.`

			`#### Github`
			`- https://github.com/0xT11/CVE-POC`
			`- https://github.com/ARPSyndicate/cvemon`
			`- https://github.com/MauroEldritch/GEVAUDAN`
			`- https://github.com/anquanscan/sec-tools`
			`- https://github.com/developer3000S/PoC-in-GitHub`
			`- https://github.com/hectorgie/PoC-in-GitHub`