CVE-2023-4677

Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an administrator. This issue affects Pandora FMS <= 772.
Configurations

Configuration 1 (hide)

cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*

History

30 Nov 2023, 17:06

Type Values Removed Values Added
CPE cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CWE CWE-532
References () https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ - () https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ - Vendor Advisory

24 Nov 2023, 15:24

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-23 15:15

Updated : 2024-02-05 00:22


NVD link : CVE-2023-4677

Mitre link : CVE-2023-4677

CVE.ORG link : CVE-2023-4677


JSON object : View

Products Affected

artica

  • pandora_fms
CWE
CWE-532

Insertion of Sensitive Information into Log File

CWE-287

Improper Authentication