Impact
The vulnerability allows a low‑privileged local user to cause system components to write sensitive data, such as authentication tokens or credentials, directly to log files. Writing this data to logs violates confidentiality, because an attacker who can read those logs may extract the secrets. By leveraging the exposed secrets, an attacker could potentially access the system with the privileges of the compromised local account. The weakness is classified as CWE‑532, Insertion of Sensitive Information into Log File.
Affected Systems
Affected products are Dell Elastic Cloud Storage releases 3.8.1.7 and earlier and Dell ObjectScale versions before 4.1.0.3, as well as version 4.2.0.0. Any deployment of these products that has not applied the security update listed in the Dell Knowledge Base article is at risk. The vulnerability is present whenever the product is installed on a system that writes sensitive data to its logs.
Risk and Exploitability
The CVSS base score of 7.8 indicates a high severity level based solely on the potential for secret disclosure. The EPSS score of less than 1% suggests a low probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. The attack vector requires local, non‑privileged access and the ability to read log files, which is typically available to any local user on the host. If an attacker can read the logs, they can obtain secrets; the description does not indicate any remote exploitation paths or denial‑of‑service impact. The risk is therefore confined to confidentiality compromise and potential local privilege or other exploitation that may follow.
OpenCVE Enrichment