CVE-2022-23238

3 documents, 3 sources
Severity: 6.5 MEDIUM
EPSS: 0.7% (top 26.88%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Aug 10
Latest update: Aug 11

Description

Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to view limited metrics information and modify alert email recipients and content.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Exploitability: 3.9 | Impact: 2.5

Affected Packages (2 packages)

CVEListV5 | storagegrid_(formerly_storagegrid_webscale) | 11.6.0 through 11.6.0.2
NVD | netapp/storagegrid | 11.6.0 | 11.6.0.3

Patches

Vulnerability Details (2)

GHSA
GHSA-v3jh-c2rv-xp22: Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11 | 2022-08-11
CVEList
CVE-2022-23238: Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11 | 2022-08-09