Cron Log Backup Files Expose Administrator Session IDs in Pandora FMS <= 772

Cron Log Backup Files Expose Administrator Session IDs in Pandora FMS <= 772

CVE-2023-4677 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Cron log backup files contain administrator session IDs. It is trivial for any attacker who can reach the Pandora FMS Console to scrape the cron logs directory for cron log backups. The contents of these log files can then be abused to authenticate to the application as an administrator. This issue affects Pandora FMS <= 772.

Learn more about our Web Application Penetration Testing UK.