CVE-2023-41793 - OpenCVE

: Path Traversal vulnerability in Pandora FMS on all allows Path Traversal. This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories. This issue affects Pandora FMS: from 700 through <776.

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact Low

User Interaction Required

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

No data.

No data.

References

Link	Resource
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: PandoraFMS

Published: 2024-03-19T16:34:48.358Z

Updated: 2024-03-19T16:34:48.358Z

Reserved: 2023-09-01T11:54:47.539Z

Link: CVE-2023-41793

JSON object: View

NVD Information

Status : Awaiting Analysis

Published: 2024-03-19T17:15:08.263

Modified: 2024-03-20T13:00:16.367

Link: CVE-2023-41793

JSON object: View

Redhat Information

No data.

CWE

CWE-35

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-41793", "assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c", "state": "PUBLISHED", "assignerShortName": "PandoraFMS", "dateReserved": "2023-09-01T11:54:47.539Z", "datePublished": "2024-03-19T16:34:48.358Z", "dateUpdated": "2024-03-19T16:34:48.358Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "platforms": ["all"], "product": "Pandora FMS", "vendor": "Pandora FMS", "versions": [{"lessThanOrEqual": "<776", "status": "affected", "version": "700", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Aleksey Solovev (Positive Technologies)"}], "datePublic": "2024-03-19T17:00:00.000Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": ": Path Traversal vulnerability in Pandora FMS on all allows Path Traversal. This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories. <span style=\"background-color: var(--darkreader-bg--wht);\">This issue affects Pandora FMS: from 700 through <776.</span>"}], "value": ": Path Traversal vulnerability in Pandora FMS on all allows Path Traversal.\u00a0This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories.\u00a0This issue affects Pandora FMS: from 700 through <776."}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "CAPEC-126 Path Traversal"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-35", "description": "CWE-35: Path Traversal", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c", "shortName": "PandoraFMS", "dateUpdated": "2024-03-19T16:34:48.358Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "\n\nFixed in v776.\n\n<br>"}], "value": "\nFixed in v776.\n\n"}], "source": {"discovery": "UNKNOWN"}, "title": "Path Traversal and Untrusted Upload File", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}}}