CVE-2023-41793

CVSS v3 6.7 MEDIUM

6.7^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.2 / Impact : 5.5

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope UNCHANGED

:

Path Traversal vulnerability in Pandora FMS on all allows Path Traversal. This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories. This issue affects Pandora FMS: from 700 through <776.

References

Link	Resource
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/	Vendor Advisory
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/	Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*

History

16 Sep 2025, 15:15

Type	Values Removed	Values Added
References	~~() https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ -~~	() https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ - Vendor Advisory
First Time		Artica Artica pandora Fms
CPE		cpe:2.3:a:artica:pandora_fms::::::::

21 Nov 2024, 08:21

Type	Values Removed	Values Added
References	~~() https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ -~~	() https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/ -

Information

Published : 2024-03-19 17:15

Updated : 2025-09-16 15:15

NVD link : CVE-2023-41793

Mitre link : CVE-2023-41793

CVE.ORG link : CVE-2023-41793

JSON object : View

Products Affected

pandora_fms

CWE

CWE-35

Path Traversal: '.../...//'

{"id": "CVE-2023-41793", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.7, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:L", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.5, "exploitabilityScore": 1.2}, {"type": "Primary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 3.9}]}, "published": "2024-03-19T17:15:08.263", "references": [{"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-35"}]}], "descriptions": [{"lang": "en", "value": ": Path Traversal vulnerability in Pandora FMS on all allows Path Traversal.\u00a0This vulnerability allowed changing directories and creating files and downloading them outside the allowed directories.\u00a0This issue affects Pandora FMS: from 700 through <776."}, {"lang": "es", "value": "Vulnerabilidad de Path Traversal en Pandora FMS en todos permite Path Traversal. Esta vulnerabilidad permit\u00eda cambiar directorios y crear archivos y descargarlos fuera de los directorios permitidos. Este problema afecta a Pandora FMS: desde 700 hasta <776."}], "lastModified": "2025-09-16T15:15:05.277", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:artica:pandora_fms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43E82BDE-56AE-494A-8C82-C7E4157390AF", "versionEndExcluding": "776", "versionStartIncluding": "700"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}