CVE-2023-24515: Server side request forgery in api checker
First published: Tue Aug 22 2023(Updated: )
Server-Side Request Forgery (SSRF) vulnerability in API checker of Pandora FMS. Application does not have a check on the URL scheme used while retrieving API URL. Rather than validating the http/https scheme, the application allows other scheme such as file, which could allow a malicious user to fetch internal file content. This issue affects Pandora FMS v767 version and prior versions on all platforms.
Credit: cve-coordination@incibe.es
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Artica Pandora FMS | <=767 |
Remedy
Fixed in v769
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this vulnerability?
The vulnerability ID for this vulnerability is CVE-2023-24515.
What is the severity of CVE-2023-24515?
The severity of CVE-2023-24515 is medium.
What is the affected software for CVE-2023-24515?
The affected software for CVE-2023-24515 is Pandora FMS version up to 767.
What is the CWE ID for this vulnerability?
The CWE ID for this vulnerability is 918.
How can I fix CVE-2023-24515?
To fix CVE-2023-24515, it is recommended to update Pandora FMS to a fixed version or apply any available patches provided by the vendor.
- agent/references
- agent/author
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/title
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/pandorafms
- canonical/artica pandora fms
- version/artica pandora fms/767