exploitDog

CVE-2023-26560

Опубликовано: 26 апр. 2023

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials.

Ссылки

https://cfengine.com/blog/2023/cve-2023-26560/
Mitigation
Vendor Advisory
https://northern.tech
Product
https://cfengine.com/blog/2023/cve-2023-26560/
Mitigation
Vendor Advisory
https://northern.tech
Product

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:northern.tech:cfengine:*:*:*:*:enterprise:*:*:*

Версия от 3.6.0 (включая) до 3.21.1 (исключая)

EPSS

Процентиль: 55%

0.00326

Низкий

6.5 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-203

Связанные уязвимости

GHSA-j4vh-r4c7-fpmx

CVSS3: 6.5

github

почти 3 года назад

Northern.tech CFEngine Enterprise before 3.21.1 allows a subset of authenticated users to leverage the Scheduled Reports feature to read arbitrary files and potentially discover credentials.

EPSS

Процентиль: 55%

0.00326

Низкий

6.5 Medium

CVSS3

Дефекты

NVD-CWE-noinfo

CWE-203