Difficult to Exploit Reflected Cross-Site Scripting Vulnerability Affects StorageGRID Webscale
CVE-2024-21984

5.9MEDIUM

Key Information:

Vendor: Netapp
Status: Storagegrid
Vendor: CVE Published:; 16 February 2024

Summary

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.8 are susceptible to a difficult to exploit Reflected Cross-Site Scripting (XSS) vulnerability. Successful exploit requires the attacker to know specific information about the target instance and trick a privileged user into clicking a specially crafted link. This could allow the attacker to view or modify configuration settings or add or modify user accounts.

Affected Version(s)

StorageGRID 0 < 11.8

References

https://security.netapp.com/advisory/ntap-20240216-0013/

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

High

Availability:

Low

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Timeline

Vulnerability published
Feb 16, 2024
Vulnerability Reserved
Jan 3, 2024