CVE-2022-26308 LOW

CVE-2022-26308: Improper Access Control in Configuration (Credential store)

Vendor Artica Pfms

Product Pandora FMS

Weakness CWE-284

Published August 1, 2022

Last update September 17, 2024

View on NVD All CVEs

CVSS base score

3.7/10

Attack vector Network

Attack complexity High

Privileges required Low

User interaction Required

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N

What the vulnerability does

01Description

Pandora FMS v7.0NG.760 and below allows an improper access control in Configuration (Credential store) where a user with the role of Operator (Write) could create, delete, view existing keys which are outside the intended role.

Key dates

02Disclosure timeline

August 1, 2022 CVE published

September 17, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2022-26308

Related vulnerabilities

CVE-2022-26308: Improper Access Control in Configuration (Credential store)

01Description

02Disclosure timeline

03References

04Related CVE