VYPR
Unrated severityNVD Advisory· Published Mar 4, 2022· Updated Aug 3, 2024

CVE-2022-23232

CVE-2022-23232

Description

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could allow disabled, expired, or locked external user accounts to access S3 data to which they previously had access. StorageGRID 11.6.0 obtains the user account status from Active Directory or Azure and will block S3 access for disabled user accounts during the subsequent background synchronization. User accounts that are expired or locked for Active Directory or Azure, or user accounts that are disabled, expired, or locked in identity sources other than Active Directory or Azure must be manually removed from group memberships or have their S3 keys manually removed from Tenant Manager in all versions of StorageGRID (formerly StorageGRID Webscale).

Affected products

2
  • NetApp/Storagegridinferred2 versions
    <11.6.0+ 1 more
    • (no CPE)range: <11.6.0
    • (no CPE)range: <11.6.0

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.