Vulnerabilities > CVE-2023-28372 - Unspecified vulnerability in Purestorage Purity

CVSS 2.7 - LOW

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

HIGH

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

LOW

network

low complexity

purestorage

NVD

Published: 2023-10-02

Updated: 2024-09-20

Summary

A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock.

Vulnerable Configurations

Part	Description	Count
Application	Purestorage Purestorage Purity *	1

References

https://support.purestorage.com/Pure_Storage_Technical_Services/Field_Bulletins/Security_Bulletins/Security_Bulletin_for_FlashBlade_Object_Store_Privileged_Access_Vulnerability_CVE-2023-28372