A post-authentication arbitrary file read vulnerability within the server plugins section in plugin edition feature. This issue affects Pandora FMS: from 700 through <777.3.
History

Fri, 25 Oct 2024 19:30:00 +0000

Type Values Removed Values Added
First Time appeared Pandorafms
Pandorafms pandora Fms
CPEs cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*
Vendors & Products Pandorafms
Pandorafms pandora Fms
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Tue, 22 Oct 2024 13:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 22 Oct 2024 09:15:00 +0000

Type Values Removed Values Added
Description A post-authentication arbitrary file read vulnerability within the server plugins section in plugin edition feature. This issue affects Pandora FMS: from 700 through <777.3.
Title Post-auth Arbitrary File Read in the Server Plugins Section
Weaknesses CWE-22
References
Metrics cvssV4_0

{'score': 8.3, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/S:N/AU:Y/R:U/V:C/RE:M/U:Red'}


cve-icon MITRE

Status: PUBLISHED

Assigner: PandoraFMS

Published: 2024-10-22T09:03:15.776Z

Updated: 2024-10-22T13:11:36.744Z

Reserved: 2024-05-16T17:38:35.344Z

Link: CVE-2024-35308

cve-icon Vulnrichment

Updated: 2024-10-22T13:11:33.770Z

cve-icon NVD

Status : Analyzed

Published: 2024-10-22T09:15:02.927

Modified: 2024-10-25T19:06:14.100

Link: CVE-2024-35308

cve-icon Redhat

No data.