Security Bulletin: FlashBlade Authentication Mechanism Vulnerability

Audience
Public
Product
FlashBlade
Content Type
Source Type
Common Vulnerabilities and Exposures (CVE)

Security Bulletin: FlashBlade Authentication Mechanism Vulnerability

Vulnerability Status: Final Source: Pure Storage Initial Publication Date: 2024-07-17 Last Updated: 2025-08-12 10:07:57

Summary:

A flaw exists in FlashBlade whereby a local account is permitted to authenticate to the management interface using an unintended method that allows an attacker to gain privileged access to the array.


CVE#: CVE-2023-4976

Severity (v3): 1 - Critical

Product(s): FlashBlade

Version First Fixed: Purity//FB 3.3.11, Purity//FB 4.1.9, Purity//FB 4.2.3, Purity//FB 4.3.0, Purity//FB 4.4.0


References:

https://nvd.nist.gov/vuln/detail/CVE-2023-4976