2 matches found
CVE-2023-4677
CVSS : 9.8 (CRITICAL) for Pandora FMS Console
CVE-2023-4677 Unauthenticated Admin Account Takeover Via Cron Log File Backups
Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an administrator. This iss...