Metric | Value |
---|---|
CVSS3 | 6.8 Medium |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | HIGH |
User Interaction | NONE |
Scope | CHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | NONE |

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N

EPSS: 0.001 Low (Percentile: 19.7%)

A security vulnerability has been identified in IBM Spectrum Scale CSI that could allow unauthorized access. A fix for this vulnerability is available.
CVEID: CVE-2022-40607
**DESCRIPTION:** IBM Spectrum Scale could allow users with permissions to create pods, persistent volumes and persistent volume claims to access files and directories outside of the volume, including on the host filesystem.
CVSS Base score: 6.8
CVSS Temporal Score: See: https://exchange.xforce.ibmcloud.com/vulnerabilities/235740 for the current score.
CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)
Affected Product(s) | Version(s) |
---|---|
IBM Spectrum Scale | CSI 2.6.0 or before (CNSA 5.1.4.0 or before) |
For IBM Spectrum Scale CSI 2.6.0 or before (CNSA 5.1.4.0 or before), apply Spectrum Scale CSI 2.6.1 or later (CNSA 5.1.4.1 or later).
If you are using standalone CSI, please follow the IBM Spectrum Scale CSI instructions for upgrade steps to Spectrum Scale CSI 2.6.1 or later: <https://www.ibm.com/docs/en/spectrum-scale-csi>
If you are using CSI deployed with CNSA, please follow the IBM Spectrum Scale Container Native instructions for upgrade steps to Spectrum Scale Container Native Storage Access 5.1.4.1 or later: <https://www.ibm.com/docs/en/scalecontainernative>
Note: This security vulnerability does not impact the non-containerized Scale images used either as the base for the standalone CSI, or in a remote mount storage cluster for CSI or CNSA; however, the CSI or CNSA versions being upgraded to may require upgrading the non-containerized Scale images in those environments. The required non-containerized Scale can be downloaded from FixCentral.
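A version check against the affected and fixed releases listed above, as an added example (not IBM's code). The registry host, the image names and the idea that the image tag carries the release version are assumptions; anything that cannot be parsed, such as a digest-pinned image, is reported as unknown rather than guessed.

```python
import re

# Fixed releases as stated in the advisory: CSI 2.6.1, CNSA 5.1.4.1.
FIXED = {"csi": (2, 6, 1), "cnsa": (5, 1, 4, 1)}
_DOTTED = re.compile(r"v?(\d+(?:\.\d+)*)")


def image_tag(ref):
    """Return the tag of an image reference, or None if it has none."""
    name = ref.split("@", 1)[0]          # drop any @sha256:... digest
    last = name.rsplit("/", 1)[-1]       # a ':' before the last '/' is a registry port
    return last.split(":", 1)[1] if ":" in last else None


def parse_version(text):
    """Parse '2.6.0' or 'v2.6.0' into a tuple of ints; None for anything else."""
    m = _DOTTED.fullmatch(text.strip()) if text else None
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def classify(product, version_text):
    """Return 'affected', 'fixed' or 'unknown' for product 'csi' or 'cnsa'."""
    fixed = FIXED[product]
    version = parse_version(version_text)
    if version is None:
        return "unknown"                 # e.g. 'latest', pre-release suffix, digest pin
    width = max(len(version), len(fixed))
    pad = lambda v: v + (0,) * (width - len(v))
    return "affected" if pad(version) < pad(fixed) else "fixed"


def audit(inventory):
    """Map each (product, image reference) pair to its classification."""
    return {ref: classify(product, image_tag(ref)) for product, ref in inventory}


# Constructed inventory; registry host and image names are placeholders.
SAMPLE = [
    ("csi", "registry.example:5000/csi-driver:v2.6.0"),
    ("csi", "registry.example:5000/csi-driver:v2.6.1"),
    ("cnsa", "registry.example:5000/cnsa-operator:5.1.4"),
    ("cnsa", "registry.example:5000/cnsa-operator:5.1.4.1"),
    ("csi", "registry.example:5000/csi-driver@sha256:0000"),
]

if __name__ == "__main__":
    for ref, state in audit(SAMPLE).items():
        print(f"{state:9} {ref}")
```

Entries reported as unknown need the running release confirmed by other means before the cluster is treated as fixed.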
None
CPE

Name | Operator | Version |
---|---|---|
ibm spectrum scale | eq | 5.1 |