CVE-2023-51786

Published: Mar 7, 2024Modified: Nov 21, 2024

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue was discovered in Lustre versions 2.13.x, 2.14.x, and 2.15.x before 2.15.4, allows attackers to escalate privileges and obtain sensitive information via Incorrect Access Control.

Related CWEs

CWE-284

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

http://lists.lustre.org/pipermail/lustre-announce-lustre.org/2024/000270.html

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2024/03/12/2

Source: cve@mitre.org

http://lists.lustre.org/pipermail/lustre-announce-lustre.org/2024/000270.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2024/03/12/2

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.