PT-2023-1467 · Dell · Dell Powerscale Onefs

Published: 2023-01-31 · Updated: 2023-02-08 · CVE-2023-22572

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Dell PowerScale OneFS versions 9.1.0.x through 9.4.0.x

Description

The issue is related to the insertion of sensitive information into log files when changing passwords through the interface. A low-privilege local attacker could potentially exploit this, leading to system takeover.

Recommendations

For versions 9.1.0.x through 9.4.0.x, consider disabling the change password API until a patch is available to prevent potential exploitation. Restrict access to log files to minimize the risk of sensitive information disclosure.

Fix

Weakness Enumeration

Insertion into Log File

Related Identifiers

BDU:2023-00874
CVE-2023-22572

Affected Products

Dell Powerscale Onefs