Lucene search

[email protected]CVE-2023-41793

HistoryMar 19, 2024 - 5:15 p.m.

CVE-2023-41793

2024-03-1917:15:08

CWE-35

[email protected]

web.nvd.nist.gov

path traversal

pandora fms

vulnerability

cve-2023-41793

nvd

6.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

: Path Traversal vulnerability in Pandora FMS on all allows Path Traversal. This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories. This issue affects Pandora FMS: from 700 through <776.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "all"
    ],
    "product": "Pandora FMS",
    "vendor": "Pandora FMS",
    "versions": [
      {
        "lessThanOrEqual": "<776",
        "status": "affected",
        "version": "700",
        "versionType": "custom"
      }
    ]
  }
]

References

pandorafms.com/en/security/common-vulnerabilities-and-exposures/

6.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

6.8 Medium

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVE-2023-41793

nvd1 cvelist1