CVE-2022-34426

Name of the Vulnerable Software and Affected Versions Dell Container Storage Modules version 1.2

Description The issue is related to an improper limitation of a pathname to a restricted directory in the goiscsi and gobrick libraries. This could lead to OS command injection, allowing a remote unauthenticated attacker to exploit the vulnerability and gain unintentional access to paths outside of the restricted directory.

Recommendations For Dell Container Storage Modules version 1.2, consider restricting access to the goiscsi and gobrick libraries until a patch is available. As a temporary workaround, limit the execution of commands that could lead to OS command injection. At the moment, there is no information about a newer version that contains a fix for this vulnerability.