Home > Vulnerability Database > CVE-2023-46742

Mend.io Vulnerability Database

CVE-2023-46742

Good to know:

Date: January 3, 2024

CubeFS is an open-source cloud-native file storage system. CubeFS prior to version 3.3.1 was found to leak users secret keys and access keys in the logs in multiple components. When CubeCS creates new users, it leaks the users secret key. This could allow a lower-privileged user with access to the logs to retrieve sensitive information and impersonate other users with higher privileges than themselves. The issue has been patched in v3.3.1. There is no other mitigation than upgrading CubeFS.

Language: Go

Severity Score

4.8

Related Resources (5)

Url: https://github.com/cubefs/cubefs/security/advisories/GHSA-vwch-g97w-hfg2

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-46742

Url: https://github.com/cubefs/cubefs

Url: https://github.com/cubefs/cubefs/commit/8dccce6ac8dff3db44d7e9074094c7303a5ff5dd

Url: https://www.mend.io/vulnerability-database/CVE-2023-46742

Severity Score

4.8

Weakness Type (CWE)

Insertion of Sensitive Information into Log File

CWE-532

Top Fix

Upgrade Version

Upgrade to version github.com/cubefs/cubefs - v3.3.1

Learn More

CVSS v3.1

Base Score:	4.8
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-46742

Good to know:

Date: January 3, 2024

Language: Go

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?