CVE-2024-29955 MEDIUM

CVE-2024-29955: Insertion of Sensitive Information into Brocade SANnav Log File

Vendor Brocade
Product Brocade SANnav
Weakness CWE-532 · Sensitive info in logs
Published April 17, 2024
Last update August 2, 2024

CVSS base score

5.0/10
Attack vector Local
Attack complexity Low
Privileges required Low
User interaction Required
Confidentiality High
Integrity None

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

What the vulnerability does

01Description

A vulnerability in Brocade SANnav before v2.3.1 and v2.3.0a could allow a privileged user to print the SANnav encrypted key in PostgreSQL startup logs. This could provide attackers with an additional, less-protected path to acquiring the encryption key.

Key dates

02Disclosure timeline

April 17, 2024 CVE published
August 2, 2024 Record updated