Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an administrator. This issue affects Pandora FMS <= 772.
Metrics
Affected Vendors & Products
References
History
Mon, 02 Dec 2024 20:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: PandoraFMS
Published: 2023-11-23T14:22:01.559Z
Updated: 2024-12-02T19:39:44.273Z
Reserved: 2023-08-31T15:38:14.018Z
Link: CVE-2023-4677
Vulnrichment
Updated: 2024-08-02T07:31:06.635Z
NVD
Status : Modified
Published: 2023-11-23T15:15:10.410
Modified: 2024-11-21T08:35:39.970
Link: CVE-2023-4677
Redhat
No data.