CVE-2022-23238 - OpenCVE

Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to view limited metrics information and modify alert email recipients and content.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Canonical	Ubuntu Linux
Netapp	Storagegrid
Linux	Linux Kernel
Centos	Centos
Redhat	Enterprise Linux Server

Configuration 1 [-]

AND

cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:canonical:ubuntu_linux:16.04:::::::*
	cpe:2.3:o:centos:centos:7.9::::::x64:
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:redhat:enterprise_linux_server:7.9::::::x64:

References

Link	Resource
https://security.netapp.com/advisory/NTAP-20220808-0001/	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: netapp

Published: 2022-08-09T20:18:39

Updated: 2022-08-09T20:18:39

Reserved: 2022-01-14T00:00:00

Link: CVE-2022-23238

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-08-10T20:15:30.537

Modified: 2022-08-15T20:19:29.800

Link: CVE-2022-23238

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-noinfo

{"containers": {"cna": {"affected": [{"product": "StorageGRID (formerly StorageGRID Webscale)", "vendor": "n/a", "versions": [{"status": "affected", "version": "11.6.0 through 11.6.0.2"}]}], "descriptions": [{"lang": "en", "value": "Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to view limited metrics information and modify alert email recipients and content."}], "problemTypes": [{"descriptions": [{"description": "Improper Access Control", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-09T20:18:39", "orgId": "11fdca00-0482-4c88-a206-37f9c182c87d", "shortName": "netapp"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.netapp.com/advisory/NTAP-20220808-0001/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-alert@netapp.com", "ID": "CVE-2022-23238", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "StorageGRID (formerly StorageGRID Webscale)", "version": {"version_data": [{"version_value": "11.6.0 through 11.6.0.2"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to view limited metrics information and modify alert email recipients and content."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Access Control"}]}]}, "references": {"reference_data": [{"name": "https://security.netapp.com/advisory/NTAP-20220808-0001/", "refsource": "MISC", "url": "https://security.netapp.com/advisory/NTAP-20220808-0001/"}]}}}}, "cveMetadata": {"assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d", "assignerShortName": "netapp", "cveId": "CVE-2022-23238", "datePublished": "2022-08-09T20:18:39", "dateReserved": "2022-01-14T00:00:00", "dateUpdated": "2022-08-09T20:18:39", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*", "matchCriteriaId": "F0D98A33-61A2-4D8D-A43F-96765DFDE68C", "versionEndExcluding": "11.6.0.3", "versionStartIncluding": "11.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*", "matchCriteriaId": "712507AC-DAB8-4FFE-9426-08282919411F", "vulnerable": false}, {"criteria": "cpe:2.3:o:centos:centos:7.9:*:*:*:*:*:x64:*", "matchCriteriaId": "2D2B5B32-3969-4C7E-986A-4F7683E116A3", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F952CED-2EA6-447E-BE5D-84CEEF065E4C", "versionEndExcluding": "4.7", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.9:*:*:*:*:*:x64:*", "matchCriteriaId": "F2235A81-D4A7-47F9-9C09-B8EC965F8F4B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to view limited metrics information and modify alert email recipients and content."}, {"lang": "es", "value": "Las implantaciones en Linux de StorageGRID (anteriormente conocido como StorageGRID Webscale) versiones 11.6.0 hasta 11.6.0.2 implantadas con una versi\u00f3n del kernel de Linux inferior a 4.7.0 son susceptibles de una vulnerabilidad que podr\u00eda permitir a un atacante remoto no autenticado visualizar informaci\u00f3n de m\u00e9tricas limitada y modificar los destinatarios y el contenido de los correos electr\u00f3nicos de alerta"}], "id": "CVE-2022-23238", "lastModified": "2022-08-15T20:19:29.800", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-10T20:15:30.537", "references": [{"source": "security-alert@netapp.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://security.netapp.com/advisory/NTAP-20220808-0001/"}], "sourceIdentifier": "security-alert@netapp.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}