CVE-2022-23238 - OpenCVE

Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to view limited metrics information and modify alert email recipients and content.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Canonical	Ubuntu Linux
Centos	Centos
Linux	Linux Kernel
Netapp	Storagegrid
Redhat	Enterprise Linux Server

Configuration 1 [-]

AND

cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*

OR	cpe:2.3:o:canonical:ubuntu_linux:16.04:::::::*
	cpe:2.3:o:centos:centos:7.9::::::x64:
	cpe:2.3:o:linux:linux_kernel::::::::
	cpe:2.3:o:redhat:enterprise_linux_server:7.9::::::x64:

No data.

References

Link	Providers
https://security.netapp.com/advisory/NTAP-20220808-0001/

History

No history.

MITRE

Status: PUBLISHED

Assigner: netapp

Published: 2022-08-09T20:18:39

Updated: 2024-08-03T03:36:20.162Z

Reserved: 2022-01-14T00:00:00

Link: CVE-2022-23238

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-08-10T20:15:30.537

Modified: 2022-08-15T20:19:29.800

Link: CVE-2022-23238

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "StorageGRID (formerly StorageGRID Webscale)", "vendor": "n/a", "versions": [{"status": "affected", "version": "11.6.0 through 11.6.0.2"}]}], "descriptions": [{"lang": "en", "value": "Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to view limited metrics information and modify alert email recipients and content."}], "problemTypes": [{"descriptions": [{"description": "Improper Access Control", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-08-09T20:18:39", "orgId": "11fdca00-0482-4c88-a206-37f9c182c87d", "shortName": "netapp"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://security.netapp.com/advisory/NTAP-20220808-0001/"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-alert@netapp.com", "ID": "CVE-2022-23238", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "StorageGRID (formerly StorageGRID Webscale)", "version": {"version_data": [{"version_value": "11.6.0 through 11.6.0.2"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to view limited metrics information and modify alert email recipients and content."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Improper Access Control"}]}]}, "references": {"reference_data": [{"name": "https://security.netapp.com/advisory/NTAP-20220808-0001/", "refsource": "MISC", "url": "https://security.netapp.com/advisory/NTAP-20220808-0001/"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T03:36:20.162Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security.netapp.com/advisory/NTAP-20220808-0001/"}]}]}, "cveMetadata": {"assignerOrgId": "11fdca00-0482-4c88-a206-37f9c182c87d", "assignerShortName": "netapp", "cveId": "CVE-2022-23238", "datePublished": "2022-08-09T20:18:39", "dateReserved": "2022-01-14T00:00:00", "dateUpdated": "2024-08-03T03:36:20.162Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:storagegrid:*:*:*:*:*:*:*:*", "matchCriteriaId": "F0D98A33-61A2-4D8D-A43F-96765DFDE68C", "versionEndExcluding": "11.6.0.3", "versionStartIncluding": "11.6.0", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:*:*:*:*", "matchCriteriaId": "712507AC-DAB8-4FFE-9426-08282919411F", "vulnerable": false}, {"criteria": "cpe:2.3:o:centos:centos:7.9:*:*:*:*:*:x64:*", "matchCriteriaId": "2D2B5B32-3969-4C7E-986A-4F7683E116A3", "vulnerable": false}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F952CED-2EA6-447E-BE5D-84CEEF065E4C", "versionEndExcluding": "4.7", "vulnerable": false}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.9:*:*:*:*:*:x64:*", "matchCriteriaId": "F2235A81-D4A7-47F9-9C09-B8EC965F8F4B", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to view limited metrics information and modify alert email recipients and content."}, {"lang": "es", "value": "Las implantaciones en Linux de StorageGRID (anteriormente conocido como StorageGRID Webscale) versiones 11.6.0 hasta 11.6.0.2 implantadas con una versi\u00f3n del kernel de Linux inferior a 4.7.0 son susceptibles de una vulnerabilidad que podr\u00eda permitir a un atacante remoto no autenticado visualizar informaci\u00f3n de m\u00e9tricas limitada y modificar los destinatarios y el contenido de los correos electr\u00f3nicos de alerta"}], "id": "CVE-2022-23238", "lastModified": "2022-08-15T20:19:29.800", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-10T20:15:30.537", "references": [{"source": "security-alert@netapp.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://security.netapp.com/advisory/NTAP-20220808-0001/"}], "sourceIdentifier": "security-alert@netapp.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}