Lucene search

PandoraFMSCVELIST:CVE-2023-41786

HistoryNov 23, 2023 - 2:27 p.m.

CVE-2023-41786 Database backups availability by low-privileged users

2023-11-2314:27:33

CWE-200

PandoraFMS

www.cve.org

cve-2023-41786

sensitive information exposure

unauthorized actor

file discovery

low-privileged users

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

0.0005 Low

EPSS

Percentile

17.8%

JSON

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Pandora FMS on all allows File Discovery. This vulnerability allows users with low privileges to download database backups. This issue affects Pandora FMS: from 700 through 772.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "all"
    ],
    "product": "Pandora FMS",
    "vendor": "Pandora FMS",
    "versions": [
      {
        "lessThanOrEqual": "772",
        "status": "affected",
        "version": "700",
        "versionType": "custom"
      }
    ]
  }
]

References

https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/

6.8 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:N

0.0005 Low

EPSS

Percentile

17.8%

JSON

Related for CVELIST:CVE-2023-41786