CVE-2023-24515
CVSS 3.1 Score 6.5 of 10 (medium)
Details
Summary
CVE-2023-24515 is a Server-Side Request Forgery (SSRF) vulnerability in the API checker component of Pandora FMS. The application does not properly validate URL schemes, so schemes other than http/https, such as file, are accepted. Malicious users can exploit this to fetch internal file content. The flaw is present in Pandora FMS versions prior to v768 on all supported platforms. Affected organizations should upgrade to the latest version of Pandora FMS as soon as possible.
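The scheme check whose absence the summary describes, as an added example (not Pandora FMS code and not the vendor's fix): an allowlist validator applied to a user-supplied URL before any fetch. The function name, reason strings and sample URLs are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Only these schemes are accepted; everything else (file, ftp, gopher, ...) is refused.
ALLOWED_SCHEMES = {"http", "https"}


def check_target_url(raw):
    """Return (ok, reason) for a user-supplied URL before any fetch is attempted."""
    if not isinstance(raw, str) or not raw.strip():
        return False, "empty URL"
    candidate = raw.strip()
    # Refuse embedded whitespace/control characters instead of relying on the
    # parser to strip them, which could change which scheme is seen.
    if any(ch.isspace() or ord(ch) < 0x20 or ord(ch) == 0x7F for ch in candidate):
        return False, "whitespace or control character in URL"
    try:
        parts = urlsplit(candidate)
        host = parts.hostname
    except ValueError:
        return False, "unparseable URL"
    scheme = parts.scheme.lower()  # compare case-insensitively: FILE == file
    if scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed: " + (scheme or "none")
    if not host:
        # e.g. "http:///path": allowed scheme but nothing to connect to
        return False, "missing host"
    return True, "ok"


# Constructed sample inputs (hypothetical host and placeholder paths).
SAMPLES = [
    "https://monitor.example.org/api/status",
    "file:///path/to/local/file",
    "FILE:///path/to/local/file",
    "/path/to/local/file",
    "http:///path/to/local/file",
]

if __name__ == "__main__":
    for url in SAMPLES:
        ok, reason = check_target_url(url)
        print(("ALLOW " if ok else "REJECT") + " " + url + " (" + reason + ")")
```
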
Affected Products
- Pandorafms Pandora Fms