Vulmon Recent Vulnerabilities Product List Research Posts Trends Blog About Contact
NA

CVE-2023-46739

Published: 03/01/2024 Updated: 10/01/2024
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 0

Vulnerability Summary

CubeFS is an open-source cloud-native file storage system. A vulnerability was found during in the CubeFS master component in versions before 3.3.1 that could allow an untrusted malicious user to steal user passwords by carrying out a timing attack. The root case of the vulnerability was that CubeFS used raw string comparison of passwords. The vulnerable part of CubeFS was the UserService of the master component. The UserService gets instantiated when starting the server of the master component. The issue has been patched in v3.3.1. For impacted users, there is no other way to mitigate the issue besides upgrading.

Vulnerable Product Search on Vulmon Subscribe to Product

linuxfoundation cubefs

References

CWE-203https://github.com/cubefs/cubefs/security/advisories/GHSA-8579-7p32-f398https://github.com/cubefs/cubefs/commit/6a0d5fa45a77ff20c752fa9e44738bf5d86c84bdhttps://nvd.nist.gov
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-23692malicious code‎XML injectionCVE-2024-28020CVE-2024-35252CVE-2024-5833CVE-2024-30066injectionCVE-2024-23282
Vulmon Logo Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Product List Vendor List Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook