CVE-2024-3057

Published: Oct 8, 2024Modified: Oct 10, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: psirt@purestorage.com (Secondary)

Description

A flaw exists whereby a user can make a specific call to a FlashArray endpoint allowing privilege escalation.

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References (1)

https://support.purestorage.com/category/m_pure_storage_product_security

Source: psirt@purestorage.com

Timeline

No history available yet.