CVE-2024-55582

Name of the Vulnerable Software and Affected Versions Oxide versions prior to 6

Description The issue concerns unencrypted Control Plane datastores in Oxide. This means that data stored in the Control Plane is not encrypted, potentially exposing it to unauthorized access. There is no information provided about the estimated number of potentially affected devices worldwide or details about real-world incidents where this issue was exploited.

Recommendations For versions prior to 6, consider encrypting the Control Plane datastores as a mitigation measure. However, the most effective resolution would be to update to version 6 or later, as it is implied that this version addresses the issue of unencrypted datastores. At the moment, there is no information about additional configuration changes or workarounds that can fully resolve the issue without updating.