PT-2024-19437 · Dell · Dell Ecs
Amund Tenstad · Published 2024-02-28 · Updated 2024-02-28
CVE-2024-22459
CVSS v3.1: 6.8 (Medium)
Vector: AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Dell ECS versions 3.6 through 3.6.2.5
Dell ECS versions 3.7 through 3.7.0.6
Dell ECS versions 3.8 through 3.8.0.4
Description
Dell ECS contains an improper access control vulnerability. A remote, high-privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to all buckets and their data within a namespace.
Recommendations
For versions 3.6 through 3.6.2.5, update to a version later than 3.6.2.5 to resolve the issue.
For versions 3.7 through 3.7.0.6, update to a version later than 3.7.0.6 to resolve the issue.
For versions 3.8 through 3.8.0.4, update to a version later than 3.8.0.4 to resolve the issue.
As a temporary workaround, consider restricting access to sensitive buckets and their data within a namespace until a patch is available.
Fix
Improper Access Control
Weakness Enumeration
Related Identifiers
Affected Products
Dell Ecs