CVE-2024-29955

CWE-532Log File Information Exposure3 documents3 sources
Severity
5.5MEDIUM
EPSS
0.1%
top 71.32%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Broadcom Brocade SannavBrocade Brocade Sannav
Timeline
PublishedApr 17
Latest updateApr 18

Description

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:NExploitability: 1.3 | Impact: 3.6

Affected Packages2 packages

CVEListV5brocade/brocade_sannavbefore v2.3.1 and v2.3.0a

🔴Vulnerability Details

2
GHSA
GHSA-g3qp-jr64-m396: A vulnerability in Brocade SANnav before v22024-04-18
CVEList
Insertion of Sensitive Information into Brocade SANnav Log File2024-04-17
CVE-2024-29955 (MEDIUM CVSS 5.5) | A vulnerability in Brocade SANnav b | cvebase.io