HIGH risk vulnerability CVE-2023-51786 has been discovered in Lustre where users may gain access to files and/or folders which they should not have permission to access based on their user or group ID. This may lead to data compromise or possible privilege escalation. Vulnerable versions are 2.13.x, 2.14.x, and 2.15.x before 2.15.4.

Sites are recommended to upgrade to version 2.15.4.

For details, please see https://advisories.egi.eu/Advisory-EGI-SVG-2024-04