{"dataType":"CVE_RECORD","dataVersion":"5.1","cveMetadata":{"cveId":"CVE-2023-41793","assignerOrgId":"63375d6c-d89a-45ed-8ecc-c8c361b0e04c","state":"PUBLISHED","assignerShortName":"PandoraFMS","dateReserved":"2023-09-01T11:54:47.539Z","datePublished":"2024-03-19T16:34:48.358Z","dateUpdated":"2024-08-02T19:22:18.510Z"},"containers":{"cna":{"affected":[{"defaultStatus":"unaffected","platforms":["all"],"product":"Pandora FMS","vendor":"Pandora FMS","versions":[{"lessThanOrEqual":"<776","status":"affected","version":"700","versionType":"custom"}]}],"credits":[{"lang":"en","type":"finder","user":"00000000-0000-4000-9000-000000000000","value":"Aleksey Solovev (Positive Technologies)"}],"datePublic":"2024-03-19T17:00:00.000Z","descriptions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":": Path Traversal vulnerability in Pandora FMS on all allows Path Traversal.&nbsp;This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories.&nbsp;<span style=\"background-color: var(--darkreader-bg--wht);\">This issue affects Pandora FMS: from 700 through &lt;776.</span>"}],"value":": Path Traversal vulnerability in Pandora FMS on all allows Path Traversal. This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories. This issue affects Pandora FMS: from 700 through <776."}],"impacts":[{"capecId":"CAPEC-126","descriptions":[{"lang":"en","value":"CAPEC-126 Path Traversal"}]}],"metrics":[{"cvssV3_1":{"attackComplexity":"HIGH","attackVector":"NETWORK","availabilityImpact":"LOW","baseScore":6.7,"baseSeverity":"MEDIUM","confidentialityImpact":"HIGH","integrityImpact":"HIGH","privilegesRequired":"LOW","scope":"UNCHANGED","userInteraction":"REQUIRED","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L","version":"3.1"},"format":"CVSS","scenarios":[{"lang":"en","value":"GENERAL"}]}],"problemTypes":[{"descriptions":[{"cweId":"CWE-35","description":"CWE-35: Path Traversal","lang":"en","type":"CWE"}]}],"providerMetadata":{"orgId":"63375d6c-d89a-45ed-8ecc-c8c361b0e04c","shortName":"PandoraFMS","dateUpdated":"2024-03-19T16:34:48.358Z"},"references":[{"tags":["vendor-advisory"],"url":"https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"}],"solutions":[{"lang":"en","supportingMedia":[{"base64":false,"type":"text/html","value":"\n\nFixed in v776.\n\n<br>"}],"value":"\nFixed in v776.\n\n"}],"source":{"discovery":"UNKNOWN"},"title":"Path Traversal and Untrusted Upload File","x_generator":{"engine":"Vulnogram 0.1.0-dev"}},"adp":[{"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2024-08-02T19:09:49.016Z"},"title":"CVE Program Container","references":[{"tags":["vendor-advisory","x_transferred"],"url":"https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/"}]},{"affected":[{"vendor":"pandorafms","product":"pandora_fms","cpes":["cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*"],"defaultStatus":"unknown","versions":[{"version":"700","status":"affected","lessThanOrEqual":"776","versionType":"custom"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2024-08-02T19:21:08.499209Z","id":"CVE-2023-41793","options":[{"Exploitation":"none"},{"Automatable":"no"},{"Technical Impact":"total"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2024-08-02T19:22:18.510Z"}}]}}