CVE-2022-23232

low-risk
Published 2022-03-04

StorageGRID (formerly StorageGRID Webscale) versions prior to 11.6.0 are susceptible to a vulnerability which when successfully exploited could allow disabled, expired, or locked external user accounts to access S3 data to which they previously had access. StorageGRID 11.6.0 obtains the user account status from Active Directory or Azure and will block S3 access for disabled user accounts during the subsequent background synchronization. User accounts that are expired or locked for Active Directory or Azure, or user accounts that are disabled, expired, or locked in identity sources other than Active Directory or Azure must be manually removed from group memberships or have their S3 keys manually removed from Tenant Manager in all versions of StorageGRID (formerly StorageGRID Webscale).

Do I need to act?

-
0.34% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
4
CVSS 4.9/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Netapp

References (2)

Vendor Advisory https://security.netapp.com/advisory/NTAP-20220303-0009/
Vendor Advisory https://security.netapp.com/advisory/NTAP-20220303-0009/
26
/ 100
low-risk
Severity 20/34 · Moderate
Exploitability 1/34 · Minimal
Exposure 5/34 · Minimal