PT-2022-6365 · Dell · Dell Powerscale Onefs

Published 2022-12-13 · Updated 2023-02-08 · CVE-2022-45098

CVSS v3.1

6.1 Medium

Vector

AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:L/A:L

Name of the Vulnerable Software and Affected Versions

Dell PowerScale OneFS versions 9.0.0.x through 9.4.0.x

Description

The issue is related to the cleartext storage of sensitive information in the S3 component, potentially leading to information disclosure. An authenticated local attacker could exploit this, resulting in unauthorized access to protected information. The vulnerability is associated with the disclosure of information through log files.

Recommendations

For versions 9.0.0.x through 9.4.0.x, consider restricting access to the S3 component until a patch is available. As a temporary workaround, limit the use of the S3 component to minimize the risk of exploitation.

Fix

Weakness Enumeration

Insertion into Log File
Cleartext Storage of Sensitive Information

Related Identifiers

BDU:2023-01053
CVE-2022-45098

Affected Products

Dell Powerscale Onefs