CVE-2023-24515
CVSS V2 None
CVSS V3 None
Description
Server-Side Request Forgery (SSRF) vulnerability in API checker of Pandora FMS. Application does not have a check on the URL scheme used while retrieving API URL. Rather than validating the http/https scheme, the application allows other scheme such as file, which could allow a malicious user to fetch internal file content. This issue affects Pandora FMS v767 version and prior versions on all platforms.
Overview
- CVE ID
- CVE-2023-24515
- Assigner
- INCIBE
- Vulnerability Status
- PUBLISHED
- Published Version
- 2023-08-22T12:59:25.617Z
- Last Modified Date
- 2023-10-18T11:06:06.895Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ | vendor-advisory |
| https://gist.github.com/damodarnaik/9cc76c6b320510c34a0a668bd7439f7b | related |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2023-24515 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-24515 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-25 07:23:15 | Added to TrackCVE |