CVE-2022-26308
First published: Mon Aug 01 2022(Updated: )
Pandora FMS v7.0NG.760 and below allows an improper access control in Configuration (Credential store) where a user with the role of Operator (Write) could create, delete, view existing keys which are outside the intended role.
Credit: security@pandorafms.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Pandorafms Pandora Fms | <=7.0_ng_760 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Pandora FMS vulnerability?
The vulnerability ID for this Pandora FMS vulnerability is CVE-2022-26308.
What is the severity of CVE-2022-26308?
The severity of CVE-2022-26308 is medium (5.4).
What is the affected software for CVE-2022-26308?
The affected software for CVE-2022-26308 is Pandora FMS v7.0NG.760 and below.
What is the description of CVE-2022-26308?
CVE-2022-26308 is an improper access control vulnerability in Pandora FMS v7.0NG.760 and below, where a user with the role of Operator (Write) could create, delete, view existing keys which are outside the intended role.
How can I fix CVE-2022-26308?
To fix CVE-2022-26308, it is recommended to update Pandora FMS to a version that is not affected by the vulnerability.
- collector/nvd-index
- vendor/pandorafms
- canonical/pandorafms pandora fms
- version/pandorafms pandora fms/7.0_ng_760