Privilege escalation

Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable t...

Design/Logic Flaw

Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable t...

CVE-2022-32554

CVE-2022-32554 affects Pure Storage FlashArray (Purity//FA) and FlashBlade (Purity//FB) releases prior to patches: FA 6.2.0–6.2.3, 6.1.0–6.1.12, 6.0.0–6.0.8, 5.3.0–5.3.17, 5.2.x and earlier; FB 3.3.0, 3.2.0–3.2.4, 3.1.0–3.1.12, 3.0.x and earlier. The issue allows possibly exposed credentials to a...

CVE-2022-32552

CVE-2022-32552 affects Pure Storage FlashArray (Purity//FA) versions 5.2.x and prior through 6.2.3, and FlashBlade (Purity//FB) 3.0.x through 3.3.0. The root cause is a privilege-escalation vulnerability caused by manipulation of Python environment variables, which an authenticated user can explo...

CVE-2022-32553

CVE-2022-32553 affects Pure Storage FlashArray (Purity//FA) versions 5.2.x and prior up to 6.2.3, and FlashBlade (Purity//FB) up to 3.3.0; vulnerability is privilege escalation via manipulation of environment variables. A logged-in user can escape a restricted shell to an unrestricted shell with ...