CVE-2022-23232

CWE-287 — Improper Authentication3 documents3 sources

Severity

4.9MEDIUM

EPSS

0.3%

top 43.57%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Netapp Storagegrid

Timeline

PublishedMar 4

Latest updateMar 5

Description

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could allow disabled, expired, or locked external user accounts to access S3 data to which they previously had access. StorageGRID 11.6.0 obtains the user account status from Active Directory or Azure and will block S3 access for disabled user accounts during the subsequent background synchronization. User accounts that are expired or locked for Active Directo…

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages2 packages

▶CVEListV5storagegrid_(formerly_storagegrid_webscale)Prior to 11.6.0

▶NVDnetapp/storagegrid< 11.6.0

🔴Vulnerability Details

GHSA

GHSA-wxfv-cvrq-p386: StorageGRID (formerly StorageGRID Webscale) versions prior to 11↗2022-03-05

▶

CVEList

CVE-2022-23232: StorageGRID (formerly StorageGRID Webscale) versions prior to 11↗2022-03-04

▶