DSA-2023-001: Dell PowerScale OneFS Security Updates for Multiple Security Vulnerabilities

详细文章

影响

详情

受影响的产品和补救措施

修订历史记录

摘要: Dell PowerScale remediation is available for multiple security vulnerabilities that may be exploited by malicious users to compromise the affected system.

本文适用于本文不适用于本文并非针对某种特定的产品。本文并非包含所有产品版本。

High

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2023-22575	Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in celog. A low privileges user may potentially exploit this vulnerability, leading to information disclosure and escalation of privileges.	8.7	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
CVE-2023-22574	Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in platform API of IPMI module. A low-privileged user with permission to read logs from the cluster may potentially exploit this vulnerability, leading to Information disclosure and denial of service.	8.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2023-22573	Dell PowerScale OneFS 9.0.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in cloudpool. A low privileged local attacker may potentially exploit this vulnerability, leading to sensitive information disclosure.	7.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
CVE-2023-22572	Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in change password api. A low privilege local attacker may potentially exploit this vulnerability, leading to system takeover.	7.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Proprietary Code CVEs	Description	CVSS Base Score	CVSS Vector String
CVE-2023-22575	Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in celog. A low privileges user may potentially exploit this vulnerability, leading to information disclosure and escalation of privileges.	8.7	CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
CVE-2023-22574	Dell PowerScale OneFS 9.0.0.x - 9.4.0.x contain an insertion of sensitive information into log file vulnerability in platform API of IPMI module. A low-privileged user with permission to read logs from the cluster may potentially exploit this vulnerability, leading to Information disclosure and denial of service.	8.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
CVE-2023-22573	Dell PowerScale OneFS 9.0.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in cloudpool. A low privileged local attacker may potentially exploit this vulnerability, leading to sensitive information disclosure.	7.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:L
CVE-2023-22572	Dell PowerScale OneFS 9.1.0.x-9.4.0.x contain an insertion of sensitive information into log file vulnerability in change password api. A low privilege local attacker may potentially exploit this vulnerability, leading to system takeover.	7.8	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Dell Technologies 建议所有客户考虑 CVSS 基本分数以及任何相关的时间和环境分数，这可能会影响与特定安全漏洞相关的潜在严重程度。

CVEs Addressed	Product	Affected Versions	Updated Versions	Link to Update
CVE-2023-22575	PowerScale OneFS	9.1.0.0 through 9.1.0.26 9.2.1.0 through 9.2.1.19 9.4.0.0 through 9.4.0.10	Download and install the latest RUP. >= 9.1.0.27 >= 9.2.1.20 >= 9.4.0.11	PowerScale OneFS Downloads Area
CVE-2023-22575	PowerScale OneFS	Any other version	Upgrade your version of PowerScale OneFS.	PowerScale OneFS Downloads Area
CVE-2023-22574	PowerScale OneFS	9.1.0.0 through 9.1.0.26 9.2.1.0 through 9.2.1.19 9.4.0.0 through 9.4.0.10	Download and install the latest RUP. >= 9.1.0.27 >= 9.2.1.20 >= 9.4.0.11	PowerScale OneFS Downloads Area
CVE-2023-22574	PowerScale OneFS	Any other version	Upgrade your version of PowerScale OneFS.	PowerScale OneFS Downloads Area
CVE-2023-22573	PowerScale OneFS	9.1.0.0 through 9.1.0.26 9.2.1.0 through 9.2.1.19 9.4.0.0 through 9.4.0.10	Download and install the latest RUP. >= 9.1.0.27 >= 9.2.1.20 >= 9.4.0.11	PowerScale OneFS Downloads Area
CVE-2023-22573	PowerScale OneFS	Any other version	Upgrade your version of PowerScale OneFS.	PowerScale OneFS Downloads Area
CVE-2023-22572	PowerScale OneFS	9.1.0.0 through 9.1.0.26 9.2.1.0 through 9.2.1.19 9.4.0.0 through 9.4.0.10	Download and install the latest RUP. >= 9.1.0.27 >= 9.2.1.20 >= 9.4.0.11	PowerScale OneFS Downloads Area
CVE-2023-22572	PowerScale OneFS	Any other version	Upgrade your version of PowerScale OneFS.	PowerScale OneFS Downloads Area

CVEs Addressed	Product	Affected Versions	Updated Versions	Link to Update
CVE-2023-22575	PowerScale OneFS	9.1.0.0 through 9.1.0.26 9.2.1.0 through 9.2.1.19 9.4.0.0 through 9.4.0.10	Download and install the latest RUP. >= 9.1.0.27 >= 9.2.1.20 >= 9.4.0.11	PowerScale OneFS Downloads Area
CVE-2023-22575	PowerScale OneFS	Any other version	Upgrade your version of PowerScale OneFS.	PowerScale OneFS Downloads Area
CVE-2023-22574	PowerScale OneFS	9.1.0.0 through 9.1.0.26 9.2.1.0 through 9.2.1.19 9.4.0.0 through 9.4.0.10	Download and install the latest RUP. >= 9.1.0.27 >= 9.2.1.20 >= 9.4.0.11	PowerScale OneFS Downloads Area
CVE-2023-22574	PowerScale OneFS	Any other version	Upgrade your version of PowerScale OneFS.	PowerScale OneFS Downloads Area
CVE-2023-22573	PowerScale OneFS	9.1.0.0 through 9.1.0.26 9.2.1.0 through 9.2.1.19 9.4.0.0 through 9.4.0.10	Download and install the latest RUP. >= 9.1.0.27 >= 9.2.1.20 >= 9.4.0.11	PowerScale OneFS Downloads Area
CVE-2023-22573	PowerScale OneFS	Any other version	Upgrade your version of PowerScale OneFS.	PowerScale OneFS Downloads Area
CVE-2023-22572	PowerScale OneFS	9.1.0.0 through 9.1.0.26 9.2.1.0 through 9.2.1.19 9.4.0.0 through 9.4.0.10	Download and install the latest RUP. >= 9.1.0.27 >= 9.2.1.20 >= 9.4.0.11	PowerScale OneFS Downloads Area
CVE-2023-22572	PowerScale OneFS	Any other version	Upgrade your version of PowerScale OneFS.	PowerScale OneFS Downloads Area

NOTE: All above CVEs are addressed in the newly released PowerScale OneFS version 9.5.0.0.

Revision	Date	Description
1.0	2023-01-31	Initial Release
2.0	2023-07-10	Updated for enhanced presentation with no changes to content

PowerScale OneFS

文章编号: 000207863

文章类型: Dell Security Advisory

上次修改时间: 19 9月 2025