Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Pure Storage FlashArray products running Purity//FA 6.2.0 - 6.2.3, 6.1.0 - 6.1.12, 6.0.0 - 6.0.8, 5.3.0 - 5.3.17, 5.2.x and prior Purity//FA releases, and Pure Storage FlashBlade products running Purity//FB 3.3.0, 3.2.0 - 3.2.4, 3.1.0 - 3.1.12, 3.0.x and prior Purity//FB releases are vulnerable to a privilege escalation via the manipulation of Python environment variables which can be exploited by a logged-in user to escape a restricted shell to an unrestricted shell with root privileges. No other Pure Storage products or services are affected. Remediation is available from Pure Storage via a self-serve “opt-in” patch, manual patch application or a software upgrade to an unaffected version of Purity software.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Pure Storage FlashBlade 和 FlashArray 安全漏洞
Vulnerability Description
Pure Storage FlashArray和Pure Storage FlashBlade都是美国Pure Storage公司的产品。Pure Storage FlashArray是一种全 QLC 闪存存储阵列。Pure Storage FlashBlade是一个用于文件和对象工作负载的整合存储平台。 Pure Storage存在安全漏洞,攻击者利用该漏洞可以通过操纵 Python 环境变量来提升权限,以下产品和版本受到影响: FlashArray 6.2.0之前的版本,FlashBlade 3.3.
CVSS Information
N/A
Vulnerability Type
N/A