CVE-2023-4677

Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an administrator. This issue affects Pandora FMS <= 772.
Configurations

Configuration 1 (hide)

cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*

History

21 Nov 2024, 08:35

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.8
v2 : unknown
v3 : 7.0
References () https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ - Vendor Advisory () https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ - Vendor Advisory

30 Nov 2023, 17:06

Type Values Removed Values Added
First Time Artica pandora Fms
Artica
References () https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ - () https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ - Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 9.8
CPE cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*
CWE CWE-532

23 Nov 2023, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2023-11-23 15:15

Updated : 2024-11-21 08:35


NVD link : CVE-2023-4677

Mitre link : CVE-2023-4677

CVE.ORG link : CVE-2023-4677


JSON object : View

Products Affected

artica

  • pandora_fms
CWE
CWE-287

Improper Authentication

CWE-532

Insertion of Sensitive Information into Log File