CVE-2023-31042

A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade’s object store protocol can impact the availability of the system’s data access and replication protocols.

CVSS v3 7.7 HIGH

7.7^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.1 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope CHANGED

References

Link	Resource
https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashBlade_Object_Store_Protocol_CVE-2023-31042	Vendor Advisory
https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashBlade_Object_Store_Protocol_CVE-2023-31042	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:purestorage:purity::::::::
	cpe:2.3:a:purestorage:purity::::::::
	cpe:2.3:a:purestorage:purity::::::::

History

21 Nov 2024, 08:01

Type	Values Removed	Values Added
References	~~() https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashBlade_Object_Store_Protocol_CVE-2023-31042 - Vendor Advisory~~	() https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashBlade_Object_Store_Protocol_CVE-2023-31042 - Vendor Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~4.3~~	v2 : unknown v3 : 7.7

05 Oct 2023, 15:46

Type	Values Removed	Values Added
CWE		NVD-CWE-noinfo
First Time		Purestorage purity Purestorage
CPE		cpe:2.3:a:purestorage:purity::::::::
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 4.3
References	~~(MISC) https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashBlade_Object_Store_Protocol_CVE-2023-31042 -~~	(MISC) https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashBlade_Object_Store_Protocol_CVE-2023-31042 - Vendor Advisory

02 Oct 2023, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-10-02 23:15

Updated : 2024-11-21 08:01

NVD link : CVE-2023-31042

Mitre link : CVE-2023-31042

CVE.ORG link : CVE-2023-31042

JSON object : View

Products Affected

purestorage

purity

CWE

NVD-CWE-noinfo

{"id": "CVE-2023-31042", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "psirt@purestorage.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 4.0, "exploitabilityScore": 3.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.8}]}, "published": "2023-10-02T23:15:12.397", "references": [{"url": "https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashBlade_Object_Store_Protocol_CVE-2023-31042", "tags": ["Vendor Advisory"], "source": "psirt@purestorage.com"}, {"url": "https://support.purestorage.com/Employee_Handbooks/Technical_Services/PSIRT/Security_Bulletin_for_FlashBlade_Object_Store_Protocol_CVE-2023-31042", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade\u2019s object store protocol can impact the availability of the system\u2019s data access and replication protocols. \n\n"}, {"lang": "es", "value": "Existe una falla en FlashBlade Purity por la cual un usuario autenticado con acceso al protocolo de almacenamiento de objetos de FlashBlade puede afectar la disponibilidad de los protocolos de replicaci\u00f3n y acceso a datos del sistema."}], "lastModified": "2024-11-21T08:01:18.457", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:purestorage:purity:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0CAD37B1-C5AC-4CD5-98DB-9D71FDA4436A", "versionEndIncluding": "3.3.6"}, {"criteria": "cpe:2.3:a:purestorage:purity:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A110562-3372-4131-9D8E-8CEA1522BF76", "versionEndIncluding": "4.0.4", "versionStartIncluding": "4.0.0"}, {"criteria": "cpe:2.3:a:purestorage:purity:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9DDCB7D-6ADD-4C60-9B4B-1FC08832ECC4", "versionEndIncluding": "4.1.1", "versionStartIncluding": "4.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "psirt@purestorage.com"}