PT-2023-1587 · Dell · Powerscale Onefs

Published: 2023-01-02 · Updated: 2023-02-08 · CVE-2023-22574

CVSS v2.0: 8.5 (High)

Vector: AV:N/AC:L/Au:S/C:C/I:N/A:C

Name of the Vulnerable Software and Affected Versions

Dell PowerScale OneFS versions 9.0.0.x through 9.4.0.x

Description

The issue is related to the disclosure of sensitive information through log files in the IPMI interface of the PowerScale OneFS operating system. A low-privileged user with permission to read logs on the cluster could potentially exploit this, leading to information disclosure and denial of service.

Recommendations

For Dell PowerScale OneFS versions 9.0.0.x through 9.4.0.x, consider restricting access to log files to minimize the risk of exploitation until a patch is available. As a temporary workaround, limit permissions for low-privileged users to read logs on the cluster. Avoid using the platform API of the IPMI module until the issue is resolved.

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

BDU:2023-01080
CVE-2023-22574

Affected Products

Powerscale Onefs