CVE-2023-46742
MEDIUM 4.8
Description
CubeFS is an open-source cloud-native file storage system. CubeFS prior to version 3.3.1 was found to leak users' secret keys and access keys in the logs in multiple components. When CubeFS creates new users, it leaks the user's secret key. This could allow a lower-privileged user with access to the logs to retrieve sensitive information and impersonate other users with higher privileges than themselves. The issue has been patched in v3.3.1. There is no other mitigation than upgrading CubeFS.
CVE Details
CVSS v3.1 score: 4.8
Severity: MEDIUM
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Attack vector: LOCAL
Complexity: LOW
Privileges required: LOW
User interaction: REQUIRED
Published: 1/3/2024
Last modified: 11/21/2024
Source: nvd
Honeypot observations: 0
Affected products
linuxfoundation:cubefs
Weaknesses (CWE)
CWE-532
References
https://github.com/cubefs/cubefs/commit/8dccce6ac8dff3db44d7e9074094c7303a5ff5dd (security-advisories@github.com)
https://github.com/cubefs/cubefs/security/advisories/GHSA-vwch-g97w-hfg2 (security-advisories@github.com)
https://github.com/cubefs/cubefs/commit/8dccce6ac8dff3db44d7e9074094c7303a5ff5dd (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/cubefs/cubefs/security/advisories/GHSA-vwch-g97w-hfg2 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.