What is the vulnerability ID for this issue?

The vulnerability ID for this issue is CVE-2022-23238.

Which versions of StorageGRID are affected by this vulnerability?

Linux deployments of StorageGRID versions 11.6.0 through 11.6.0.2 are affected by this vulnerability.

What is the severity of CVE-2022-23238?

The severity of CVE-2022-23238 is medium, with a CVSS score of 6.5.

How can a remote unauthenticated attacker exploit this vulnerability?

A remote unauthenticated attacker can exploit this vulnerability to view limited metrics information and modify alert email recipients.

Is Ubuntu Linux 16.04 vulnerable to CVE-2022-23238?

No, Ubuntu Linux 16.04 is not vulnerable to CVE-2022-23238.

Vulnerability/
CVE-2022-23238

medium

6.5

9/8/2022

3/8/2024

CVE-2022-23238

First published: Tue Aug 09 2022(Updated: )

Linux deployments of StorageGRID (formerly StorageGRID Webscale) versions 11.6.0 through 11.6.0.2 deployed with a Linux kernel version less than 4.7.0 are susceptible to a vulnerability which could allow a remote unauthenticated attacker to view limited metrics information and modify alert email recipients and content.

Credit: security-alert@netapp.com

Affected Software	Affected Version	How to fix
Netapp Storagegrid	>=11.6.0<11.6.0.3
Canonical Ubuntu Linux	=16.04
CentOS CentOS	=7.9
Linux Linux kernel	<4.7
Redhat Enterprise Linux Server	=7.9

Remedy

https://security.netapp.com/advisory/NTAP-20220808-0001/

Never miss a vulnerability like this again

Reference Links

https://security.netapp.com/advisory/NTAP-20220808-0001/

Frequently Asked Questions

What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2022-23238.
Which versions of StorageGRID are affected by this vulnerability?
Linux deployments of StorageGRID versions 11.6.0 through 11.6.0.2 are affected by this vulnerability.
What is the severity of CVE-2022-23238?
The severity of CVE-2022-23238 is medium, with a CVSS score of 6.5.
How can a remote unauthenticated attacker exploit this vulnerability?
A remote unauthenticated attacker can exploit this vulnerability to view limited metrics information and modify alert email recipients.
Is Ubuntu Linux 16.04 vulnerable to CVE-2022-23238?
No, Ubuntu Linux 16.04 is not vulnerable to CVE-2022-23238.

agent/type
agent/last-modified-date
agent/first-publish-date
collector/nvd-index
agent/software-canonical-lookup-request
agent/references
agent/severity
agent/author
agent/remedy
agent/tags
agent/description
agent/softwarecombine
agent/event
collector/mitre-cve
source/MITRE
vendor/netapp
canonical/netapp storagegrid
version/netapp storagegrid/11.6.0
vendor/canonical
canonical/canonical ubuntu linux
version/canonical ubuntu linux/16.04
vendor/centos
canonical/centos centos
version/centos centos/7.9
vendor/linux
canonical/linux linux kernel
vendor/redhat
canonical/redhat enterprise linux server
version/redhat enterprise linux server/7.9

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.