CVE-2022-26309

Опубликовано: 01 авг. 2022

Источник: nvd

CVSS3: 3.7

CVSS3: 8.8

EPSS Низкий

Описание

Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation (User operation) resulting in elevation of privilege to Administrator group.

Ссылки

https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/
Vendor Advisory
https://www.incibe.es/en/cve-assignment-publication/coordinated-cves
Third Party Advisory
https://pandorafms.com/en/security/common-vulnerabilities-and-exposures/
Vendor Advisory
https://www.incibe.es/en/cve-assignment-publication/coordinated-cves
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pandorafms:pandora_fms:*:*:*:*:*:*:*:*

Версия до 7.0_ng_759 (включая)

EPSS

Процентиль: 41%

0.00192

Низкий

3.7 Low

CVSS3

8.8 High

CVSS3

Дефекты

CWE-352

Связанные уязвимости

CVE-2022-26309

CVSS3: 3.7

ubuntu

больше 3 лет назад

Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation (User operation) resulting in elevation of privilege to Administrator group.

GHSA-6r5h-x6qw-r3wc

CVSS3: 8.8

github

больше 3 лет назад

Pandora FMS v7.0NG.759 allows Cross-Site Request Forgery in Bulk operation (User operation) resulting in elevation of privilege to Administrator group.

EPSS

Процентиль: 41%

0.00192

Низкий

3.7 Low

CVSS3

8.8 High

CVSS3

Дефекты

CWE-352