Browse all 5 CVE security advisories affecting cubefs. AI-powered Chinese analysis, POCs, and references for each vulnerability.
CubeFS is a distributed storage system designed for cloud-native environments, handling large-scale data storage and access across multiple nodes. Historically, it has been vulnerable to remote code execution, cross-site scripting, and privilege escalation flaws, often stemming from improper input validation and access control weaknesses. The system's distributed architecture introduces complex attack surfaces, with past incidents involving unauthorized access through exposed management interfaces and insecure default configurations. While no major public breaches have been widely documented, the five CVEs highlight ongoing security challenges in maintaining consistent access controls across distributed components, particularly in containerized deployments where misconfigurations can lead to system compromise.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-46742 | CubeFS leaks users key in logs — cubefsCWE-532 | 4.8 | Medium | 2024-01-03 |
| CVE-2023-46741 | CubeFS leaks magic secret key when starting Blobstore access service — cubefsCWE-200 | 4.8 | Medium | 2024-01-03 |
| CVE-2023-46740 | Insecure random string generator used for sensitive data — cubefsCWE-330 | 6.5 | Medium | 2024-01-03 |
| CVE-2023-46739 | Timing attack can leak user passwords — cubefsCWE-203 | 6.5 | Medium | 2024-01-03 |
| CVE-2023-46738 | Authenticated users can crash the CubeFS servers with maliciously crafted requests — cubefsCWE-770 | 6.5 | Medium | 2024-01-03 |
This page lists every published CVE security advisory associated with cubefs. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.