CVE-2023-46742

CVSS 3.1 Score 6.5 of 10 (medium)

Details

Published Jan 3, 2024
Updated: Jan 10, 2024
CWE ID 532

Summary

CVE-2023-46742 is a vulnerability affecting CubeFS, an open-source cloud-native file storage system. The vulnerability exists in versions prior to 3.3.1 and results in the leakage of users' secret keys and access keys in multiple components, specifically when CubeCS creates new users. This can allow lower-privileged users with access to the logs to retrieve sensitive information and potentially impersonate other users with higher privileges. The issue has been patched in version 3.3.1, and the only mitigation is to upgrade CubeFS. The vulnerability has a medium severity rating with a base score of 6.5, indicating a potential high impact on confidentiality.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-46742 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options