Skip to main content
Contact Us
Register
Pure Technical Services

Security Bulletin for FlashBlade Object Store Protocol CVE-2023-31042

  1. Last updated
  2. Save as PDF

Currently viewing public documentation. Please login to access the full scope of documentation.

Summary 

A flaw exists whereby an authenticated user with access to FlashBlade’s object store protocol can impact the availability of the system’s data access and replication protocols.  Pure Storage has published CVE-2023-31042 in response to this issue.

Base CVSS 3.1 Score Severity  Vector
7.7 High CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Corrective ActionEdit section

  • This issue is present in FlashBlade Purity (OE) versions 3.3.6, 4.0.0 - 4.0.4, 4.1.0 - 4.1.1
  • This issue is resolved in //FlashBlade Purity (OE) versions 3.3.7+, 4.0.5+, 4.1.2+ (Please see //FB Purity (OE) release notes for additional information)

Acknowledgements/ References

  • N/A