CVE-2023-40315

In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 and related Meridian versions, any user that has the ROLEFILESYSTEMEDITOR can easily escalate their privileges to ROLEADMIN or any other role. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizo...

CVE-2023-40612

In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLEFILESYSTEMEDITOR privileges is vulnerable to XXE injection attacks. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation...

OpenNMS Horizon 安全漏洞

OpenNMS Horizon is an open source solution from OpenNMS that helps you visualize and monitor everything on your local and remote networks. A security vulnerability exists in OpenNMS Horizon versions prior to 32.0.2, which stems from the fact that any user with the ROLEFILESYSTEMEDITOR privilege c...

PT-2023-27378 · Opennms · Opennms Horizon +1

Name of the Vulnerable Software and Affected Versions: OpenMNS Horizon versions 31.0.8 through 32.0.2 Meridian versions prior to 2023.1.5 Description: The issue allows any user with the ROLE FILESYSTEM EDITOR to easily escalate their privileges to ROLE ADMIN or any other role. The affected softwa...