CVE-2023-41793 (GCVE-0-2023-41793)
Vulnerability from cvelistv5 – Published: 2024-03-19 16:34 – Updated: 2024-08-02 19:22
VLAI?
Summary
: Path Traversal vulnerability in Pandora FMS on all allows Path Traversal. This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories. This issue affects Pandora FMS: from 700 through <776.
Severity ?
6.7 (Medium)
CWE
- CWE-35 - Path Traversal
Assigner
References
| URL | Tags | ||||
|---|---|---|---|---|---|
|
|||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Pandora FMS | Pandora FMS |
Affected:
700 , ≤ <776
(custom)
|
Credits
Aleksey Solovev (Positive Technologies)
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:09:49.016Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"vendor-advisory",
"x_transferred"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "pandora_fms",
"vendor": "pandorafms",
"versions": [
{
"lessThanOrEqual": "776",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2023-41793",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-08-02T19:21:08.499209Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-02T19:22:18.510Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"platforms": [
"all"
],
"product": "Pandora FMS",
"vendor": "Pandora FMS",
"versions": [
{
"lessThanOrEqual": "\u003c776",
"status": "affected",
"version": "700",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"user": "00000000-0000-4000-9000-000000000000",
"value": "Aleksey Solovev (Positive Technologies)"
}
],
"datePublic": "2024-03-19T17:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": ": Path Traversal vulnerability in Pandora FMS on all allows Path Traversal.\u0026nbsp;This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories.\u0026nbsp;\u003cspan style=\"background-color: var(--darkreader-bg--wht);\"\u003eThis issue affects Pandora FMS: from 700 through \u0026lt;776.\u003c/span\u003e"
}
],
"value": ": Path Traversal vulnerability in Pandora FMS on all allows Path Traversal.\u00a0This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories.\u00a0This issue affects Pandora FMS: from 700 through \u003c776."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-35",
"description": "CWE-35: Path Traversal",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-03-19T16:34:48.358Z",
"orgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"shortName": "PandoraFMS"
},
"references": [
{
"tags": [
"vendor-advisory"
],
"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"
}
],
"solutions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\n\nFixed in v776.\n\n\u003cbr\u003e"
}
],
"value": "\nFixed in v776.\n\n"
}
],
"source": {
"discovery": "UNKNOWN"
},
"title": "Path Traversal and Untrusted Upload File",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "63375d6c-d89a-45ed-8ecc-c8c361b0e04c",
"assignerShortName": "PandoraFMS",
"cveId": "CVE-2023-41793",
"datePublished": "2024-03-19T16:34:48.358Z",
"dateReserved": "2023-09-01T11:54:47.539Z",
"dateUpdated": "2024-08-02T19:22:18.510Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \": Path Traversal vulnerability in Pandora FMS on all allows Path Traversal.\\u00a0This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories.\\u00a0This issue affects Pandora FMS: from 700 through \u003c776.\"}, {\"lang\": \"es\", \"value\": \"Vulnerabilidad de Path Traversal en Pandora FMS en todos permite Path Traversal. Esta vulnerabilidad permit\\u00eda cambiar directorios y crear archivos y descargarlos fuera de los directorios permitidos. Este problema afecta a Pandora FMS: desde 700 hasta \u0026lt;776.\"}]",
"id": "CVE-2023-41793",
"lastModified": "2024-11-21T08:21:41.950",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security@pandorafms.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L\", \"baseScore\": 6.7, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 1.2, \"impactScore\": 5.5}]}",
"published": "2024-03-19T17:15:08.263",
"references": "[{\"url\": \"https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/\", \"source\": \"security@pandorafms.com\"}, {\"url\": \"https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security@pandorafms.com",
"vulnStatus": "Awaiting Analysis",
"weaknesses": "[{\"source\": \"security@pandorafms.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-35\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2023-41793\",\"sourceIdentifier\":\"security@pandorafms.com\",\"published\":\"2024-03-19T17:15:08.263\",\"lastModified\":\"2025-09-16T15:15:05.277\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\": Path Traversal vulnerability in Pandora FMS on all allows Path Traversal.\u00a0This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories.\u00a0This issue affects Pandora FMS: from 700 through \u003c776.\"},{\"lang\":\"es\",\"value\":\"Vulnerabilidad de Path Traversal en Pandora FMS en todos permite Path Traversal. Esta vulnerabilidad permit\u00eda cambiar directorios y crear archivos y descargarlos fuera de los directorios permitidos. Este problema afecta a Pandora FMS: desde 700 hasta \u0026lt;776.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@pandorafms.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L\",\"baseScore\":6.7,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":1.2,\"impactScore\":5.5},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N\",\"baseScore\":6.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":3.9,\"impactScore\":2.5}]},\"weaknesses\":[{\"source\":\"security@pandorafms.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-35\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"700\",\"versionEndExcluding\":\"776\",\"matchCriteriaId\":\"43E82BDE-56AE-494A-8C82-C7E4157390AF\"}]}]}],\"references\":[{\"url\":\"https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/\",\"source\":\"security@pandorafms.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/\", \"tags\": [\"vendor-advisory\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T19:09:49.016Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-41793\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-08-02T19:21:08.499209Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*\"], \"vendor\": \"pandorafms\", \"product\": \"pandora_fms\", \"versions\": [{\"status\": \"affected\", \"version\": \"700\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"776\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-08-02T19:22:12.425Z\"}}], \"cna\": {\"title\": \"Path Traversal and Untrusted Upload File\", \"source\": {\"discovery\": \"UNKNOWN\"}, \"credits\": [{\"lang\": \"en\", \"type\": \"finder\", \"user\": \"00000000-0000-4000-9000-000000000000\", \"value\": \"Aleksey Solovev (Positive Technologies)\"}], \"impacts\": [{\"capecId\": \"CAPEC-126\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-126 Path Traversal\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 6.7, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"MEDIUM\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"HIGH\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"Pandora FMS\", \"product\": \"Pandora FMS\", \"versions\": [{\"status\": \"affected\", \"version\": \"700\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"\u003c776\"}], \"platforms\": [\"all\"], \"defaultStatus\": \"unaffected\"}], \"solutions\": [{\"lang\": \"en\", \"value\": \"\\nFixed in v776.\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\\n\\nFixed in v776.\\n\\n\u003cbr\u003e\", \"base64\": false}]}], \"datePublic\": \"2024-03-19T17:00:00.000Z\", \"references\": [{\"url\": \"https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/\", \"tags\": [\"vendor-advisory\"]}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \": Path Traversal vulnerability in Pandora FMS on all allows Path Traversal.\\u00a0This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories.\\u00a0This issue affects Pandora FMS: from 700 through \u003c776.\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \": Path Traversal vulnerability in Pandora FMS on all allows Path Traversal.\u0026nbsp;This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories.\u0026nbsp;\u003cspan style=\\\"background-color: var(--darkreader-bg--wht);\\\"\u003eThis issue affects Pandora FMS: from 700 through \u0026lt;776.\u003c/span\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-35\", \"description\": \"CWE-35: Path Traversal\"}]}], \"providerMetadata\": {\"orgId\": \"63375d6c-d89a-45ed-8ecc-c8c361b0e04c\", \"shortName\": \"PandoraFMS\", \"dateUpdated\": \"2024-03-19T16:34:48.358Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2023-41793\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-02T19:22:18.510Z\", \"dateReserved\": \"2023-09-01T11:54:47.539Z\", \"assignerOrgId\": \"63375d6c-d89a-45ed-8ecc-c8c361b0e04c\", \"datePublished\": \"2024-03-19T16:34:48.358Z\", \"assignerShortName\": \"PandoraFMS\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…