Unauthorized Access to All Buckets and Data within a Namespace Due to Improper Access Control Vulnerability
CVE-2024-22459

6.5MEDIUM

Key Information:

Vendor: Dell
Status: Ecs
Vendor: CVE Published:; 28 February 2024

Summary

Dell ECS, versions 3.6 through 3.6.2.5, and 3.7 through 3.7.0.6, and 3.8 through 3.8.0.4 versions, contain an improper access control vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to unauthorized access to all buckets and their data within a namespace

Affected Version(s)

ECS 3.8 <= 3.8.0.4

ECS 3.7 <= 3.7.0.6

ECS 3.6 <= 3.6.2.5

References

https://www.dell.com/support/kbdoc/en-us/000222470/dsa-20...

vendor-advisory

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 28, 2024
Vulnerability Reserved
Jan 10, 2024

Credit

Amund Tenstad