CVE-2023-4976
A flaw exists in FlashBlade whereby a local account is permitted to authenticate to the management interface using an unintended method that allows an attacker to gain privileged access to the array...
CVE-2023-4976 FlashBlade Authentication Mechanism Vulnerability
A flaw exists in FlashBlade whereby a local account is permitted to authenticate to the management interface using an unintended method that allows an attacker to gain privileged access to the array...
CVE-2023-4976
CVE-2023-4976 affects Pure FlashBlade. The flaw allows a local account to authenticate to the FlashBlade management interface via an unintended method, enabling privileged access to the array. The available sources (NVD/Red Hat) describe the impact as high confidentiality, integrity, and availabi...
PT-2024-13796 · Unknown · Purity//Fb
Name of the Vulnerable Software and Affected Versions: Purity//FB (affected versions not specified)
Description: A flaw in the authentication mechanism allows a local account to access the management interface using an unintended method, potentially granting an attacker privileged access to the...
Privilege escalation
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable t...
Design/Logic Flaw
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable t...
CVE-2022-32554
CVE-2022-32554 affects Pure Storage FlashArray (Purity//FA) and FlashBlade (Purity//FB) releases prior to patches: FA 6.2.0–6.2.3, 6.1.0–6.1.12, 6.0.0–6.0.8, 5.3.0–5.3.17, 5.2.x and earlier; FB 3.3.0, 3.2.0–3.2.4, 3.1.0–3.1.12, 3.0.x and earlier. The issue allows possibly exposed credentials to a...
CVE-2022-32552
CVE-2022-32552 affects Pure Storage FlashArray (Purity//FA) versions 5.2.x and prior through 6.2.3, and FlashBlade (Purity//FB) 3.0.x through 3.3.0. The root cause is a privilege-escalation vulnerability caused by manipulation of Python environment variables, which an authenticated user can explo...
CVE-2022-32553
CVE-2022-32553 affects Pure Storage FlashArray (Purity//FA) versions 5.2.x and prior up to 6.2.3, and FlashBlade (Purity//FB) up to 3.3.0. The vulnerability is a privilege escalation via manipulation of environment variables. A logged-in user can escape a restricted shell to an unrestricted shell with ...