Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
NA

CVE-2022-46174

Published: 28/12/2022 Updated: 11/01/2023
CVSS v3 Base Score: 4.2 | Impact Score: 2.5 | Exploitability Score: 1.6
VMScore: 0
Subscribe to Efs-utils

Vulnerability Summary

efs-utils is a set of Utilities for Amazon Elastic File System (EFS). A potential race condition issue exists within the Amazon EFS mount helper in efs-utils versions v1.34.3 and below. When using TLS to mount file systems, the mount helper allocates a local port for stunnel to receive NFS connections prior to applying the TLS tunnel. In affected versions, concurrent mount operations can allocate the same local port, leading to either failed mount operations or an inappropriate mapping from an EFS customer’s local mount points to that customer’s EFS file systems. This issue is patched in version v1.34.4. There is no recommended work around. We recommend affected users update the installed version of efs-utils to v1.34.4 or later.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

amazon efs-utils

amazon elastic file system container storage interface driver

Vendor Advisories

Red Hat: Moderate: OpenShift Container Platform 4.12.1 security update
Synopsis Moderate: OpenShift Container Platform 4121 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4121 is now available with updates to packages and images that fix several bugs and add enhancementsRed Hat Product Security has rated this update as having a security impact of ...
Amazon Linux 2: ALAS-2023-2342
efs-utils is a set of Utilities for Amazon Elastic File System (EFS) A potential race condition issue exists within the Amazon EFS mount helper in efs-utils versions v1343 and below When using TLS to mount file systems, the mount helper allocates a local port for stunnel to receive NFS connections prior to applying the TLS tunnel In affected v ...
Amazon Linux AMI: ALAS-2023-1889
efs-utils is a set of Utilities for Amazon Elastic File System (EFS) A potential race condition issue exists within the Amazon EFS mount helper in efs-utils versions v1343 and below When using TLS to mount file systems, the mount helper allocates a local port for stunnel to receive NFS connections prior to applying the TLS tunnel In affected v ...
Red Hat:
Description<!---->A potential race condition issue exists within the Amazon EFS mount helper in efs-utils and aws-efs-csi-driver when using TLS to mount file systems The mount helper allocates a local port for stunnel to receive NFS connections prior to applying the TLS tunnel In affected versions, concurrent mount operations can allocate the sam ...

References

CWE-362https://github.com/aws/efs-utils/commit/f3a8f88167d55caa2f78aeb72d4dc1987a9ed62dhttps://github.com/aws/efs-utils/issues/125https://github.com/aws/efs-utils/security/advisories/GHSA-4fv8-w65m-3932https://access.redhat.com/errata/RHSA-2023:0450https://nvd.nist.govhttps://alas.aws.amazon.com/AL2/ALAS-2023-2342.html
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
man-in-the-middleCVE-2024-34558CVE-2024-32674CVE-2024-34351XPath injectionCVE-2023-45866CVE-2024-25528CVE-2024-25517path traversal
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook