[R1] Nessus Version 10.6.0 Fixes Multiple Vulnerabilities Arnie Cabral Tue, 08/29/2023 - 04:44
A pass-back vulnerability exists where an authenticated, remote attacker with administrator privileges could uncover stored SMTP credentials within the Nessus application. - CVE-2023-3251
An arbitrary file write vulnerability exists where an authenticated, remote attacker with administrator privileges could alter logging variables to overwrite arbitrary files on the remote host with log data, which could lead to a denial of service condition. - CVE-2023-3252
An improper authorization vulnerability exists where an authenticated, low privileged remote attacker could view a list of all the users available in the application. - CVE-2023-3253