Lucene search

PandoraFMSCVELIST:CVE-2023-41793

HistoryMar 19, 2024 - 4:34 p.m.

CVE-2023-41793 Path Traversal and Untrusted Upload File

2024-03-1916:34:48

CWE-35

PandoraFMS

www.cve.org

cve-2023-41793

path traversal

untrusted upload file

pandora fms

vulnerability

directory change

file creation

6.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

0.0004 Low

EPSS

Percentile

9.1%

JSON

: Path Traversal vulnerability in Pandora FMS on all allows Path Traversal. This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories. This issue affects Pandora FMS: from 700 through <776.

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "platforms": [
      "all"
    ],
    "product": "Pandora FMS",
    "vendor": "Pandora FMS",
    "versions": [
      {
        "lessThanOrEqual": "<776",
        "status": "affected",
        "version": "700",
        "versionType": "custom"
      }
    ]
  }
]

References

pandorafms.com/en/security/common-vulnerabilities-and-exposures/

6.7 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for CVELIST:CVE-2023-41793