Linuxfoundation Cubefs

6 matches found

CVE
added 2023/04/12 12:0 a.m., 62 views

CVE-2023-30512

CubeFS

CVSS 6.5, AI score 6.5, EPSS 0.00507

CVE
added 2024/01/03 4:15 p.m., 61 views

CVE-2023-46739

CVE-2023-46739 affects CubeFS (open-source cloud-native file storage). In the CubeFS master component, the UserService uses raw string comparison for passwords, enabling a timing attack that could leak user passwords. This vulnerability exists in versions prior to 3.3.1 and is fixed in v3.3.1; u...

CVSS 6.5, AI score 5.5, EPSS 0.00353

CVE
added 2024/01/03 4:25 p.m., 58 views

CVE-2023-46742

CubeFS (before v3.3.1) leaks users’ secret keys and access keys in logs across multiple components, including during new user creation. This constitutes information disclosure and potentially enables log-access attackers to impersonate users. The issue is mitigated only by upgrading to v3.3.1, pe...

CVSS 6.5, AI score 6.2, EPSS 0.00271

CVE
added 2024/01/03 4:20 p.m., 54 views

CVE-2023-46740

Summary: CVE-2023-46740 affects CubeFS before v3.3.1, where an insecure random string generator used for user accessKeys could be predicted, enabling an attacker to impersonate users and obtain higher privileges. The root cause is the use of a weak RNG for sensitive per-user keys during user crea...

CVSS 9.8, AI score 9.1, EPSS 0.00439

CVE
added 2024/01/03 4:23 p.m., 52 views

CVE-2023-46741

CubeFS (open-source cloud-native file storage) has a vulnerability in versions prior to 3.3.1 where secrets/configuration keys are leaked in plaintext logs. The root cause is logging sensitive keys, enabling an attacker to read keys and perform operations on blobs they should not have permission ...

CVSS 9.8, AI score 9.3, EPSS 0.00301

CVE
added 2024/01/03 3:35 p.m., 47 views

CVE-2023-46738

CVE-2023-46738 affects CubeFS HandlerNode (versions before 3.3.1). A malicious, authenticated user can trigger a crafted HTTP request that causes the ObjectNode to allocate memory beyond available limits, leading to memory exhaustion and denial of service. Root cause: improper handling of incomin...

CVSS 6.5, AI score 6.3, EPSS 0.00555