Описание
Brocade SANnav versions before v2.3.0a do not correctly set permissions on files, including docker files. An unprivileged attacker who gains access to the server can read sensitive information from these files.
Ссылки
- Vendor Advisory
- Vendor Advisory
Уязвимые конфигурации
EPSS
5.7 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
Связанные уязвимости
Docker instances in Brocade SANnav before v2.3.1 and v2.3.0a have an insecure architecture and configuration that leads to multiple vulnerabilities. Docker daemons are exposed to the WAN interface, and other vulnerabilities allow total control over the Ova appliance. A Docker instance could access any other instances, and a few could access sensitive files. The vulnerability could allow a sudo privileged user on the underlying OS to access and modify these files.
Уязвимость компонента Docker Daemon программного обеспечения для управления сетью Brocade SANnav, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
EPSS
5.7 Medium
CVSS3
6.5 Medium
CVSS3