CVE-2023-41808: Arbitrary File Read As Root Via GoTTY Page

8.5 CVSS

Description

Improper Privilege Management vulnerability in Pandora FMS on all allows Privilege Escalation. This vulnerability allows an unauthorised user to escalate and read sensitive files as if they were root. This issue affects Pandora FMS: from 700 through 773.

Classification

CVE ID: CVE-2023-41808

CVSS Base Severity: HIGH

CVSS Base Score: 8.5

Affected Products

Vendor: Pandora FMS

Product: Pandora FMS

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.14% (probability of being exploited)

EPSS Percentile: 49.84% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/

Timeline

2024-12-03 00:11:31 UTC
CVE

Arbitrary File Read As Root Via GoTTY Page