All 5 CVE vulnerabilities found in cubefs, with AI-generated Chinese analysis, references, and POCs.
Vendor: cubefs
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-46742 | CubeFS leaks users key in logs CWE-532 | 4.8 | Medium | 2024-01-03 |
| CVE-2023-46741 | CubeFS leaks magic secret key when starting Blobstore access service CWE-200 | 4.8 | Medium | 2024-01-03 |
| CVE-2023-46740 | Insecure random string generator used for sensitive data CWE-330 | 6.5 | Medium | 2024-01-03 |
| CVE-2023-46739 | Timing attack can leak user passwords CWE-203 | 6.5 | Medium | 2024-01-03 |
| CVE-2023-46738 | Authenticated users can crash the CubeFS servers with maliciously crafted requests CWE-770 | 6.5 | Medium | 2024-01-03 |
All 5 known CVE vulnerabilities affecting cubefs with full Chinese analysis, references, and POCs where available.