CVE-2022-40607: IBM Spectrum Scale directory traversal
First published: Tue Dec 13 2022(Updated: )
IBM Spectrum Scale 5.1 could allow users with permissions to create pod, persistent volume and persistent volume claim to access files and directories outside of the volume, including on the host filesystem. IBM X-Force ID: 235740.
Credit: psirt@us.ibm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| IBM Spectrum Scale | <=5.1.4.0 | |
| Linux Linux kernel | ||
| <=CSI 2.6.0 or before (CNSA 5.1.4.0 or before) |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2022-40607.
What is the severity level of CVE-2022-40607?
The severity level of CVE-2022-40607 is medium.
What software is affected by CVE-2022-40607?
IBM Spectrum Scale version 5.1.4.0 is affected by CVE-2022-40607.
What is the impact of CVE-2022-40607?
CVE-2022-40607 allows users with permissions to access files and directories outside of the volume, including on the host filesystem.
How can I fix CVE-2022-40607?
To fix CVE-2022-40607, upgrade to a version of IBM Spectrum Scale that is not affected by this vulnerability.
- collector/nvd-index
- agent/references
- agent/type
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/author
- agent/weakness
- agent/last-modified-date
- agent/severity
- agent/description
- agent/softwarecombine
- agent/tags
- agent/event
- collector/ibm-support
- source/IBM
- agent/software-canonical-lookup
- vendor/ibm
- canonical/ibm spectrum scale
- version/ibm spectrum scale/5.1.4.0
- vendor/linux
- canonical/linux linux kernel
- version/ibm spectrum scale/csi 2.6.0 or before (cnsa 5.1.4.0 or before)