Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
CubeFS leaks users key in logs
Vulnerability Description
CubeFS is an open-source cloud-native file storage system. CubeFS prior to version 3.3.1 was found to leak users secret keys and access keys in the logs in multiple components. When CubeCS creates new users, it leaks the users secret key. This could allow a lower-privileged user with access to the logs to retrieve sensitive information and impersonate other users with higher privileges than themselves. The issue has been patched in v3.3.1. There is no other mitigation than upgrading CubeFS.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L
Vulnerability Type
通过日志文件的信息暴露
Vulnerability Title
CubeFS 日志信息泄露漏洞
Vulnerability Description
CubeFS是CubeFS个人开发者的一种云原生文件存储。 CubeFS 3.3.1之前版本存在日志信息泄露漏洞,该漏洞源于在日志中泄露用户密钥和访问密钥。
CVSS Information
N/A
Vulnerability Type
N/A