Watson Studio Local was allowing glusterFS mounting without any authorization. As long as the user had access to the same network, they could mount gluster volumes in any cluster. Internal implementation has been changed to check for permission before glusterFS mounting is allowed.
CVE(s): Not Applicable
Affected product(s) and affected version(s):
| Affected IBM Watson Studio – Local | Affected Versions |
|---|---|
| IBM Data Science Experience Local | 1.1.0 |
| IBM Data Science Experience Local | 1.1.1 |
| IBM Data Science Experience Local | 1.2.0 |
| IBM Data Science Experience Local | 1.1.2 |
| IBM Data Science Experience Local | 1.1.3 |
Refer to the following reference URLs for remediation and additional vulnerability details:
Source Bulletin: https://www-01.ibm.com/support/docview.wss?uid=ibm10791871
X-Force Database:
The post IBM Security Bulletin: IBM Watson Studio – Local allows mounting glusterFS without security check appeared first on IBM PSIRT Blog.
from IBM Product Security Incident Response Team https://ift.tt/2Z0w2iC
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.