Insecure Docker Instances in Brocade SANnav Allow Reading and Writing Access to Sensitive Files
CVE-2024-29967

6MEDIUM

Key Information:

Vendor: Brocade
Status: Brocade Sannav
Vendor: CVE Published:; 19 April 2024

What is CVE-2024-29967?

In Brocade SANnav before Brocade SANnav v2.31 and v2.3.0a, it was observed that Docker instances inside the appliance have insecure mount points, allowing reading and writing access to sensitive files. The vulnerability could allow a sudo privileged user on the host OS to read and write access to these files.

Affected Version(s)

Brocade SANnav before Brocade SANnav v2.31 and v2.3.0a

References

https://support.broadcom.com/external/content/SecurityAdv...

CVSS V3.1

Score:

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Apr 19, 2024
Vulnerability Reserved
Mar 22, 2024