CVE-2023-32488

CVSS 5.3 MEDIUMEPSS 0.3%CWE-1230

In short

Dell PowerScale OneFS versions 8.2 through 9.5 have a flaw in its NFS (Network File System) service that could allow a user with basic access to read sensitive information they shouldn't be able to access.

Technical detail

An information disclosure vulnerability exists in the NFS implementation of Dell PowerScale OneFS 8.2.x-9.5.0.x that permits a low-privileged attacker to access confidential data. The vulnerability requires NFS client access and improper permission enforcement enables unauthorized information exposure.

Summary generated and translated by AI from the official description.

Dell PowerScale OneFS, 8.2.x-9.5.0.x, contains an information disclosure vulnerability in NFS. A low privileged attacker could potentially exploit this vulnerability, leading to information disclosure.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Dell · PowerScale OneFS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://www.dell.com/support/kbdoc/en-us/000216717/dsa-2023-269-security-update-for-dell-powerscale-onefs-for-multiple-security-vulnerabilities