PAC Files Exposed to Internet Websites
CVE-2023-28794

4.3MEDIUM

Key Information:

Vendor: Zscaler
Status: Client Connector
Vendor: CVE Published:; 6 November 2023

What is CVE-2023-28794?

Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Privilege Abuse. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6.

Affected Version(s)

Client Connector 0 < 1.3.1.6

References

https://help.zscaler.com/client-connector/client-connecto...

CVSS V3.1

Score:

4.3

Severity:

MEDIUM

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 6, 2023
Vulnerability Reserved
Mar 23, 2023

Credit

Paul Gerste, SonarSource