PT-2022-4100 · NetApp · StorageGRID

Published: 2022-08-09 · Updated: 2022-08-15 · CVE-2022-23238

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions: StorageGRID versions 11.6.0 through 11.6.0.2

Description: The issue is related to errors in information processing, which could allow a remote unauthenticated attacker to view limited metrics information and modify alert email recipients and content. This could potentially give an attacker unauthorized access to protected information or alter the content of alerts.

Recommendations: For StorageGRID versions 11.6.0 through 11.6.0.2, consider updating the Linux kernel to version 4.7.0 or later to mitigate the risk. Additionally, as a temporary workaround, restrict access to metrics information and alert configuration to minimize the risk of exploitation.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

BDU:2022-04935
CVE-2022-23238

Affected Products

StorageGRID