4 matches found
CVE-2023-4677
creationtimestamp| type| source ---|---|--- 2024-01-09 16:40:06+00:00| seen| https://t.me/truesecator/5271 2025-01-16 17:15:23+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfursbuxsc2b 2025-01-16 18:44:15+00:00| seen|...
CVE-2023-4677
Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an administrator. This iss...
CVE-2023-4677
CVSS : 9.8 (CRITICAL) for Pandora FMS Console
CVE-2023-4677 Unauthenticated Admin Account Takeover Via Cron Log File Backups
Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an administrator. This iss...