Cubefs Security Vulnerabilities and Issues — Cubefs CVE List

Lucene search

LinuxfoundationCubefs

4 matches found

CVE•added 2024/01/03 5:15 p.m.•48 views

CVE-2023-46739

CubeFS is an open-source cloud-native file storage system. A vulnerability was found during in the CubeFS master component in versions prior to 3.3.1 that could allow an untrusted attacker to steal user passwords by carrying out a timing attack. The root case of the vulnerability was that CubeFS us...

6.5CVSS5.5AI score0.00062EPSS

CVE•added 2023/04/12 6:15 a.m.•47 views

CVE-2023-30512

CubeFS through 3.2.1 allows Kubernetes cluster-level privilege escalation. This occurs because DaemonSet has cfs-csi-cluster-role and can thus list all secrets, including the admin secret.

6.5CVSS6.5AI score0.00063EPSS

CVE•added 2024/01/03 5:15 p.m.•44 views

CVE-2023-46742

CubeFS is an open-source cloud-native file storage system. CubeFS prior to version 3.3.1 was found to leak users secret keys and access keys in the logs in multiple components. When CubeCS creates new users, it leaks the users secret key. This could allow a lower-privileged user with access to the ...

6.5CVSS6.2AI score0.00046EPSS

CVE•added 2024/01/03 4:15 p.m.•35 views

CVE-2023-46738

CubeFS is an open-source cloud-native file storage system. A security vulnerability was found in CubeFS HandlerNode in versions prior to 3.3.1 that could allow authenticated users to send maliciously-crafted requests that would crash the ObjectNode and deny other users from using it. The root cause...

6.5CVSS6.3AI score0.00053EPSS