Arbitrary File Read As Root Via GoTTY Page
CVE-2023-41808

8.5HIGH

Key Information:

Vendor: Pandora Fms
Status: Pandora Fms
Vendor: CVE Published:; 23 November 2023

🔔 Create Pandora Fms Vulnerability Alert

What is CVE-2023-41808?

An improper privilege management vulnerability in Pandora FMS allows unauthorized users to gain elevated privileges, enabling them to read sensitive files as if they possessed root access. This flaw can lead to significant information disclosure and potential misuse of sensitive data across the affected versions ranging from 700 to 773.

Affected Version(s)

Pandora FMS all 700 <= 773

References

https://pandorafms.com/en/security/common-vulnerabilities...

vendor-advisory

CVSS V3.1

Score:

8.5

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 23, 2023
Vulnerability Reserved
Sep 1, 2023

Credit

Oliver Brooks <[email protected]>