PT-2022-6220 · Dell · Dell Powerscale Onefs
Published
2022-06-30
·
Updated
2022-10-24
·
CVE-2022-31239
CVSS v2.0
6.8
Medium
| Vector | AV:L/AC:L/Au:S/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Dell PowerScale OneFS versions 9.0.0 through 9.1.0.19
Dell PowerScale OneFS version 9.2.1.12
Dell PowerScale OneFS version 9.3.0.6
Description
The issue is related to the disclosure of sensitive information through log files in the PowerScale OneFS operating system. A privileged local user may potentially exploit this, leading to the disclosure of protected information.
Recommendations
For Dell PowerScale OneFS versions 9.0.0 through 9.1.0.19, consider restricting access to log files to minimize the risk of sensitive data disclosure.
For Dell PowerScale OneFS version 9.2.1.12, restrict access to log files until a patch is available.
For Dell PowerScale OneFS version 9.3.0.6, avoid using log files that may contain sensitive data until the issue is resolved.
Fix
Insertion into Log File
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Dell Powerscale Onefs