CVE-2022-23238
Published Aug 9, 2022
·Updated
Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to view limited metrics information and modify alert email recipients and content.
Affected Software
5 affected components
NetApp Storagegrid>=11.6.0<11.6.0.3
Canonical Ubuntu Linux=16.04
CentOS CentOS=7.9
Linux Linux kernel<4.7
redhat Enterprise Linux Server=7.9
Remediation
Patch Available
Event History
Aug 9, 2022
CVE Published
via MITRE·08:18 PM
Data Sourced
via MITRE·08:18 PM
DescriptionWeakness
Frequently Asked Questions
1
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-23238.
2
Which versions of StorageGRID are affected by this vulnerability?
Linux deployments of StorageGRID versions 11.6.0 through 11.6.0.2 are affected by this vulnerability.
3
What is the severity of CVE-2022-23238?
The severity of CVE-2022-23238 is medium, with a CVSS score of 6.5.
4
How can a remote unauthenticated attacker exploit this vulnerability?
A remote unauthenticated attacker can exploit this vulnerability to view limited metrics information and modify alert email recipients.
5
Is Ubuntu Linux 16.04 vulnerable to CVE-2022-23238?
No, Ubuntu Linux 16.04 is not vulnerable to CVE-2022-23238.