CVE-2020-26191

Name of the Vulnerable Software and Affected Versions: Dell EMC PowerScale OneFS versions 8.1.0 through 9.1.0

Description: The issue allows a user with ISI PRIV JOB ENGINE to use the PermissionRepair job and grant themselves the highest level of RBAC privileges. This enables them to read arbitrary data, tamper with system software, or deny service to users.

Recommendations: For Dell EMC PowerScale OneFS versions 8.1.0 through 9.1.0, consider restricting the use of the PermissionRepair job to prevent privilege escalation until a patch is available. Additionally, limit the assignment of ISI PRIV JOB ENGINE to only necessary users to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.