CVE-2024-35308 HIGH

CVE-2024-35308: Post-auth Arbitrary File Read in the Server Plugins Section

Vendor Pandora FMS
Product Pandora FMS
Weakness CWE-22 · Path traversal
Published October 22, 2024
Last update October 22, 2024

CVSS base score

8.3/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:L/VA:N/SC:H/SI:L/SA:N/S:N/AU:Y/R:U/V:C/RE:M/U:Red

What the vulnerability does

01 Description

A post-authentication arbitrary file read vulnerability exists in the plugin edition feature of the server plugins section. This issue affects Pandora FMS: from 700 through <777.3.

Key dates

02 Disclosure timeline

October 22, 2024 CVE published
October 22, 2024 Record updated