Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an administrator. This issue affects Pandora FMS <= 772.
History

Mon, 02 Dec 2024 20:15:00 +0000

Type: Metrics
Values Removed:
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


MITRE

Status: PUBLISHED

Assigner: PandoraFMS

Published: 2023-11-23T14:22:01.559Z

Updated: 2024-12-02T19:39:44.273Z

Reserved: 2023-08-31T15:38:14.018Z

Link: CVE-2023-4677

Vulnrichment

Updated: 2024-08-02T07:31:06.635Z

NVD

Status: Modified

Published: 2023-11-23T15:15:10.410

Modified: 2024-11-21T08:35:39.970

Link: CVE-2023-4677

Redhat

No data.