Skip to main content
NetApp Knowledge Base

Does CVE-2022-38023 impact StorageGRID?

  1. Last updated
  2. Save as PDF
Views:
145
Visibility:
Public
Votes:
0
Category:
storagegrid-webscale
Specialty:
sgrid
Last Updated:

Applies to

StorageGRID

Answer

  • The Microsoft fixes for this CVE covers Windows changes to Netlogon and Kerberos.
  • NTAP-20230110-0003 covers only the Samba use of this CVE.
  • StorageGRID utilizes Samba only for log file sharing.
  • Its use of Samba was deprecated in StorageGRID version 11.4.
  • Only Samba can be configured to use Netlogon in StorageGRID.
    • LDAP integration in StorageGRID uses TLS.

Additional Information

NetApp provides no representations or warranties regarding the accuracy or reliability or serviceability of any information or recommendations provided in this publication or with respect to any results that may be obtained by the use of the information or observance of any recommendations provided herein. The information in this document is distributed AS IS and the use of this information or the implementation of any recommendations or techniques herein is a customer's responsibility and depends on the customer's ability to evaluate and integrate them into the customer's operational environment. This document and the information contained herein may be used solely in connection with the NetApp products discussed in this document.